CyanogenMod is a popular custom ROM for a lot of reasons. There’s the AOSP base, stock Android stylings, availability on a wide array of devices, and deep customization options. We install CM on our phones as a rule. It’s just the best way to experience Android on a non-Nexus device. You can’t beat the combination of Holo, features, and faster updates than the carriers are interested in doing.
There’s also the added benefit of security. CyanogenMod is a product of a community of loyal Android developers. It’s free and open source. You don’t have to worry about little surprises like CarrierIQ. The CM guys aren’t interested in snooping on your device any more than the occasional bug report. That’s a nice feature to have.
The developers of CyanogenMod have also taken it upon themselves to rectify what they see as security flaws in Android. CM creator Steve Kondik added Privacy Guard, a secure mode which bars apps from accessing the GPS or “contacts, calendar, browser history, [or] messages.” AndroidPolice called it a “must-have feature for the more privacy conscious among us.”
Today CyanogenMod is continuing that push with a new initiative for secure messaging. If they can pull off this new way of texting, your messages could become that much more secure. While it may not necessarily prevent the NSA from snooping in on your conversations, it will make your messages “encrypted end to end.”
The Goal of Encrypted Messaging on Android
What Is It?
Koushik Dutta posted to Google+ a lengthy explanation of the process and the goal of CM secure messaging. In a nutshell, they’re aiming to encrypt messages between any two CM devices.
The service is inspired by the recent revelation that Apple’s iMessage is a thorn in the side of federal investigative agencies like the FBI and DEA. CNET got their hands on internal documents complaining that only the non-iMessage texts were visible.
The CyanogenMod guys want something similar. “Regardless of whether [iMessage’s invulnerability] is true; I love the design philosophy of iMessage: it works transparently and encrypts the user’s message between iOS users and falls over to SMS as needed,” Dutta wrote. “Frictionless.”
Dutta is working on a system which essentially does the same thing for CyanogenMod devices. “It’s basically PGP (encryption + authenticity) for text messages, built into the system.”
How Does It Work?
Here’s what happens when one CM user sends a text to another CM user. We’ll call these two theoretical people Alan and Betsy. When Alan pushes the send button in the SMS app, the system checks if Betsy has CyanogenMod installed.
When it finds out she does, the system copies the text into a secure, encrypted message. It sends this instead of the text to Betsy. In theory, only she can decrypt the message.
If this system fails (or one party doesn’t run CM), the system falls back onto basic SMS messaging. In theory, this should create a seamless experience that adds features to SMS without complicating it or adding yet another messaging app.
Dutta claims universal compatibility as well. “It’s built into the framework; so it works transparently, even with third party apps” (emphasis his).
Can I Use It?
In a word, no. “At this point, I’m looking to get some feedback, discussion, thoughts, etc on this project,” Dutta wrote. “Not ready for active testing yet.”
This feature is still in the very early stages of conception. If you’d like to be involved in its development, check out the source code on GitHub. With any luck, this will become a part of CyanogenMod in the future.