Koushik Dutta recently shared of Google+ the possibility of a secure push messaging service which will encrypt messages sent between CyanogenMod users from end-to-end. Design inspired by iMessaging and ignited by recent security concerns. If the quote I’m about to paste isn’t good enough, check out the original post here
Secure/push messages in +CyanogenMod
We’ve been focusing on data security lately; +Steve Kondik got the ball rolling with Privacy Guard. And obviously, recent events have made privacy concerns a global discussion.
The Privacy Guard contribution is the philosophy I like to to see in these types of data security implementations: seamless protection of the user data. If it’s a pain to use, or if it breaks third party apps, it’s going to be a negative experience, and we’re doing it wrong.
One of the interesting developments of the past couple weeks is that iMessage, is not snoopable by a third party, not even Apple (or so they would have you believe .
Regardless of whether that is true; I love the design philosophy of iMessage: it works transparently, and encrypts the user’s message between iOS users and fails over to SMS as needed. Frictionless.
I’d thrown a poll out there, to see what sort of cohesiveness +CyanogenMod users have. Surprisingly high. Many +CyanogenMod text a lot with other+CyanogenMod users.
(Which makes sense, as our growth to 7M users is entirely organic and word of mouth)
Anyways, TL;DR. I’ve built out a secure/push based messaging plugin for CyanogenMod. Messages between two CyanogenMod will be encrypted end to end and sent over GCM. It’s built into the framework; so it works transparently, even with third party apps. (This is actually one of the cooler points IMO, and I do a lot of testing with GoSMS, etc)
It’s basically PGP (encryption + authenticity) for text messages, built into the system.
There are two minor changes to the telephony and framework to support this:
Add Middleware hooks to IccSmsInterfaceManagerProxy. This allows a sent SMS message to be intercepted and rewritten or sent over another transport.
Add other various framework support bits (new permissions). Grant system apps priority in case of ordered broadcast priority tie.
Here’s the source for the app/plugin, which is still under heavy development.
At this point, I’m looking to get some feedback, discussion, thoughts, etc on this project. Not ready for active testing yet.
I, for one, am very excited to see this come to fruition.
What do you guys think? Let us know in the comments below!