Nightly CyanogenMod tightens SMS security
CyanogenMod began adding secure text messaging to its unstable, nightly version on Monday. When the feature eventually reaches the stable build of the popular third-party Android ROM, it will have around 10 million people on its rolls.
More than 9.7 million people, which averages around 20,000 new installs every 24 hours. By far, it is the most popular custom Android ROM.
Designed by well-known independent security engineer Moxie Marlinspike, TextSecure’s security bona fides are impressive. It uses Open WhisperSystems’ custom encryption layer,TextSecure v2; the cryptographic algorithms Curve25519, AES-256, and HmacSHA256; and perfect forward secrecy, which is starting to gain traction as major tech companies employ it to cut down on snooping. The entire TextSecure project is open source, which means not only can others use the code in their own apps, but that security researchers will be able to verify the efficacy of the encryption for themselves.
In addition to TextSecure, CyanogenMod has built into their implementation of it the “middleware” that allows them to integrate Google Voice into any messaging app. This will allow messages to other TextSecure or CyanogenMod users to be encrypted, regardless of which SMS app is being used. Marlinspike said that there would be some kind of notification, so that users are notified when a text will be received by an insecure device.
Marlinspike revealed in his blog post about the CyanogenMod integration that Open WhisperSystems has plans to develop TextSecure as a desktop-to-mobile, cross-platform messaging system, and is currently working on a browser extension for TextSecure.