Cyanogenmod adds encrypted SMS from WhisperSystems

The latest (unstable) build of Cyanogenmod (a free/open version of Android) incorporates a secure, encrypted SMS program called TextSecure, which was created by Open WhisperSystems. Open WhisperSystems's chief engineer is the respected cryptographer and privacy advocate Moxie Marlinspike, and the source for the Cyanogenmod integration is open and available for inspection and scrutiny. The new encrypted SMS is designed to be integrated with whatever SMS app you use on your phone, and allows for extremely private, interception- and surveillance-resistant messaging over the normally insecure SMS. It requires that both parties be using TextSecure, of course — if you send a TextSecure message to someone without secure messaging, the message will fall back to unencrypted text.

By leveraging this for our TextSecure implementation, we can extend the encrypted messaging functionality to nearly any SMS application you decide to use. Your messages to other CM or TextSecure users (regardless of iOS or Android) will automatically be encrypted and secured. In the event your receiving party isn't on CM or using TextSecure, the implementation will silently fall back to a normal SMS message (unencrypted).

Today, we are launching our version initially into the CM 10.2 nightly stream to test the server load and make sure things are working at scale. Once things are dialed in, we'll also enable this for CM 11 builds moving forward.

The source for this code is also being made public, and similar to what we did with CMAccount, we welcome outside audits of the cryptography.


WhisperPush: Secure Messaging Integration