CyanogenMod, the wildly popular Android mobile open source operating system, has partnered with Open Whisper Systems, makers of the free and open source TextSecure app, to bring SMS and MMS encryption to all devices where CyanogenMod is installed.
Users of the TextSecure Android app (an iOS app is being developed) have always been able to send encrypted messages to other TextSecure users, but the beauty of baking the code in with CyanogenMod is that the OS’s 10 million confirmed user-base (it is estimated that as many as another 20 million users might exist ‘in the wild’) will automatically use secure messaging when communicating with another CyanogenMod user, or Android users with TextSecure installed. In addition to this, while Android users must communicate using TextSecure app, CyanogenMod users can use any SMS app while still benefiting from the additional security and privacy afforded.
As implemented in CyanogenMod, WhisperSystems’ custom encryption layer TextSecure V2 uses perfect forward secrecy for each text, so that if any keys are compromised the attacker will only have access to one small part of the conversation. Encryption is 256-bit AES with the Curve25519 Diffie-Hellman function and HmacSHA256 hash authentication. This all sounds very impressive, although as all the above standards are NIST certified or developed, we will content ourselves with pointing out our standing objections to NIST ciphers.
Built-in TextSecure support is included with current nightly builds of CyanogenMod version 10.2, and will appear in all future versions of the OS.