BreakingModern — There’s a lot of SMS apps out there that are much better than whatever stock messaging app came with your new Android phone, but there’s only one I keep reinstalling. It’s a secure messaging app by the wonderful developers over at Open Whisper Systems called TextSecure.
I first started using TextSecure on my Verizon Galaxy Nexus when I had (finally) finished with Handcent. It’s been four years of TextSecure, with solid everyday use, and I’ve never looked back. Granted, back in the early days it wasn’t the most-shiny app to look at, nor was it the easiest to use. But hey, neither was Android.
Open Source Security
This was back when people were first starting to hear about all the fun government spying projects, so there wasn’t much of a security focus in messaging apps, and if there was, it wasn’t targeted toward mainstream users. The weird thing was, after all the Snowden leaks came to light, and the whole security/privacy issue became a legitimate concern, most of the popular messaging apps still completely skipped over security functionality. If they had secure messaging functionality, it was closed source or implemented poorly.
I’m a huge fan of open source software. The more people and community at large that have access to the source code of any given piece of software, the better and more-secure that software tends to be. This is especially true in the world of cryptography when trying to write something totally secure. Crypto is so complex that it’s not always easy to get the implementation bulletproof.
It’s even more-complicated if the code is restricted to the people who created the code. Just ask any of the major companies who have been in the news recently because they can’t seem to keep their databases safe. They wish they had the foresight to use open source software because it would have been pounded, over and over again, by people other than the original developers and therefore much safer.
TextSecure is open source, which means anyone can hammer away on the code and find bugs in the crypto implementation. Over time, this makes for one incredibly secure messaging app. Check out the TextSecure source code on GitHub and see for yourself.
So, you might wonder how TextSecure works? I’m not going to get into the whole crypto implementation of the new TextSecure messaging version 2 protocol, because smarter people have already written it up. To put it in super-simple terms, all you have to do is install TextSecure and give it a password. It then generates your keys and just like magic you are ready to go.
I use TextSecure in two ways. The first is to have it encrypt my local text message database. In the options there is a setting that will timeout the passphrase. I check this setting and then set a timeout that is applicable to my use. If you set it too low, you’ll always be entering your password, but if you set it too high, someone might have a chance to get your messages before the timeout occurs. This feature is great if you ever lose your phone or have people who like to snoop through your phone while it happens to be out of your sight. Once the timeout happens, your messages are encrypted and you’ll have to enter your password again. I would show you screenshots of this, but another cool feature is that TextSecure blocks screenshots. That will make sure no one can screen-capture your messages when you aren’t looking. Very helpful.
The second way I use TextSecure is to encrypt messages sent to my friends who are also using TextSecure. When TextSecure detects I am messaging another TextSecure user, it will automatically complete a key exchange with that user and encrypt all messages to and from them — end-to-end style.
The new protocol defaults to using the data channel to send encrypted messages, but if there is no data connection, it will encrypt over the normal SMS channel. If you are the super-paranoid type, when you are in person with the individual you are messaging, you can verify their key. That way you know you are sending messages to the person you think you are.
Along with the easy key exchange in the new version of the app, they have cleaned up TextSecure’s interface and made the group chat capability much better. TextSecure is definitely the first app I install on my phone whenever I upgrade, and you should, too. Hit the Google Play Store page for TextSecure (It’s free!) and start texting more securely right now.
Are you an iPhone user? Don’t fret. There’s an Apple iOS version coming out soon!
- Have a great app you want to share? Email it to [email protected]
All screenshots: Mat Lee