CyanogenMod began adding secure text messaging to its unstable, nightly version on Monday. When the feature eventually reaches the stable build of the popular third-party Android ROM, it will have around 10 million people on its rolls.
Designed by well-known independent security engineer Moxie Marlinspike, TextSecure's security bona fides are impressive. It uses Open WhisperSystems' custom encryption layer, TextSecure V2; the cryptographic algorithms Curve25519, AES-256, and HmacSHA256; and perfect forward secrecy, which is starting to gain traction as major tech companies employ it to cut down on snooping. The entire TextSecure project is open source, which means not only can others use the code in their own apps, but that security researchers will be able to verify the efficacy of the encryption for themselves.
- CyanogenMod version of Android exceeds 10M installations
- Google gives thumbs-up to first Cyanogen phone
- CyanogenMod raises $23 million
- Why Android won't be getting App Ops anytime soon
- Oppo sets N1 swivel-cam Android phone price at $599
- Google ejects CyanogenMod installer, citing warranty worries
- CyanogenMod Installer now in Google Play store
In addition to TextSecure, CyanogenMod has built into their implementation of it the "middleware" that allows them to integrate Google Voice into any messaging app. This will allow messages to other TextSecure or CyanogenMod users to be encrypted, regardless of which SMS app is being used. Marlinspike said that there would be some kind of notification, so that users are notified when a text will be received by an insecure device.
Marlinspike revealed in his blog post about the CyanogenMod integration that Open WhisperSystems has plans to develop TextSecure as a desktop-to-mobile, cross-platform messaging system, and is currently working on a browser extension for TextSecure.
CyanogenMod also revealed on Monday early plans for a screencast app to ship with the next major update to the custom ROM.