CyanogenMod developers have announced the fruit of several months of labor headed by Open Whisper Systems’ Moxie Marlinspike: a seamless implementation of TextSecure, the latter firm’s well-known and trusted SMS encryption solution.
CyanogenMod is one of the most popular modified and open source Android firmware on the market – its user base has surpassed the ten million mark and keeps growing.
“We’ve modified the Cyanogen SMS/MMS provider to speak the TextSecure protocol. If an outgoing SMS message is addressed to another CyanogenMod or TextSecure user, it will be transparently encrypted and sent over the data channel as a push message to the receiving device. That device will then decrypt the message and deliver it to the system as a normal incoming SMS,” Marlinspike explained in a blog post.
“The result is a system where a CyanogenMod user can choose to use any SMS app they’d like, and their communication with other CyanogenMod or TextSecure users will be transparently encrypted end-to-end over the data channel without requiring them to modify their work flow at all.”
In the event that one of the parties does not use CyanogenMod or TextSecure, the implementation simply and silently falls back to sending a normal, unencrypted SMS message.
For the more technical-minded, he offered details on the protocols and cryptographic primitives used, as well as on the integration between servers. CyanogenMod developers also pointed out that the source for this code will be made public, and have invited knowledgeable users to audit it.
“Cyanogen deserves enormous praise for their substantial commitment of time and resources to this development effort,” noted Marlinspike. “Their genuine resolve to protect their users from large-scale dragnet surveillance is truly remarkable in a world where most companies are instead angling to collect as much information about their users as possible.”
The in-firmware version of TextSecure will firstly be incorporated in the CyanogenMod 10.2 nightly stream and then, if everything works as it should and the servers can take the load, it will be included in CM 11 and onwards.