Ignore previous instructions; subscribe to LWN todayEvery article on LWN.net is written by humans, for humans. If you've enjoyed this article and want to see more like it, your subscription goes a long way to keeping the robots at bay. We are offering a free one-month trial subscription (no credit card required) to get you started.
April 1, 2015
Like it or not, an ever-increasing percentage of the world's computing and communication takes place over mobile phone networks. But there has historically been a dearth of privacy- and security-protecting software targeting mobile devices—a fact that made it all the more alarming when the developers of the TextSecure messaging app for Android announced that they were dropping support for encrypting Short Message Service (SMS) text messages in the next release. The developers' argument is that supporting the SMS network is simply not worth the effort in comparison to messages delivered over generic data transports. Needless to say, not everyone agrees with that assessment.
For those unfamiliar with it, TextSecure is an open-source app developed by Open Whisper Systems (OWS), a non-commercial project that produces a number of free, security-driven mobile apps. Several of the team members (including Moxie Marlinspike and Lilia Kai) are well-known for their history with other privacy and security efforts.
Up through version 2.6 (which was released March 5), TextSecure let users exchange encrypted messages delivered over SMS, Multimedia Messaging Service (MMS), or its own "TextSecure transport layer" that used the phone's data connection. Starting with version 2.8.0 (which was released March 19), only the TextSecure transport layer is supported. The message format uses ephemeral Curve25519 keys, and the app performs the key exchange between clients over the same transport used for the message itself. In other words, when two TextSecure users communicate over SMS, the key-exchange step is done over SMS as well.
While that makes perfect sense from a design standpoint, it was
evidently part of the burden of supporting SMS transport that OWS
found increasingly difficult. In the announcement heralding the end
of SMS support, OWS notes that the key exchange "can never be
seamless
" over SMS and that "we don’t believe that people
should even need to know what a “key” is, so this added bit of
friction has always felt wrong to us.
" In addition, users who
uninstall TextSecure might continue to get encrypted SMS messages from
their old contacts, which would then amount to useless, garbled text.
The announcement goes on to list three other reasons why SMS transport is being dropped. First, OWS has finally released a TextSecure-compatible app for iOS, and iOS does not include an API that could be used to encrypt or decrypt SMS traffic—making data-channel message exchange the only possibility for iOS–Android conversations.
Second, it says, SMS itself is fundamentally insecure. The
messages "leak all
possible metadata 100% of the time to thousands of cellular carriers
worldwide.
" Although users like to think of text-messaging as
an "offline" option, the announcement adds, in reality the messages
are all routed through carriers' servers, where metadata is logged
and, perhaps, even monitored by government entities (something that
the US National Security Agency is reported
to do). Ultimately, the
announcement said, the effort required to support SMS was holding
back other, more important work on the project.
The third point made in the announcement is that SMS is not as widely used as many smartphone users seem to believe. Unlimited messaging plans are really only available in the US and Europe, it said, and SMS can be quite expensive for much of the rest of the world.
Y U NO ENCRYPT?
Public reaction to the announcement varied (the Reddit discussion thread, for example, covers most of the comment responses). While some agreed that the limitations of SMS and its exposure to carrier data-logging make it a poor choice for the truly security-conscious, the fact remains that there are few—if any—alternative apps that offer any sort of privacy for SMS users.
The loss of the only reliable SMS-encryption mechanism is significant because it effectively leaves an entire transport unprotected. Although it has its shortcomings, SMS is often available in more areas than data services, it works across carrier boundaries, and could be used on a phone whose International Mobile Station Equipment Identity (IMEI) number is not previously associated with (for example) a Google account.
There are several other options available for encrypted smartphone chat over data networks (ChatSecure and SilentText, for example), but having no option for SMS messaging could leave some users out in the cold. After all, there are usually ways to minimize the metadata-collection issue, such as using store-bought phones and prepaid account-refill cards. Using more elaborate measures, one can gain quite a bit of anonymity.
But that is a solution that puts significant burdens onto the user; one of TextSecure's strengths has always been its ease of use. Users who still have version 2.6.0 can simply refuse to update to a more recent version, although there is a risk that future releases will break compatibility. In that case, users that want to communicate to some contacts over SMS and to others that use an updated TextSecure will find themselves in a bind.
Luckily, fans of the SMS-transport option have created a fork of the TextSecure 2.6 code, named SMSSecure. Even better, SMSSecure has been added to the submission queue at the F-Droid free-software repository for Android. TextSecure was removed from the F-Droid repository in 2012 for a number of reasons. Among those reasons were that OWS reportedly asked F-Droid not to distribute its own builds (i.e., packages signed by F-Droid and not OWS), and the fact that TextSecure used some proprietary libraries—namely Google's "Google Play Services."
On that last point, OWS's announcement about dropping SMS also noted that it would be dropping Google Play Services—at least for data transport. The Google library will still be used to relay wakeup events, the announcement said.
Among security professionals, a recurring refrain is that cell phones
represent a far larger (and more important) attack surface than
desktop machines and, thus, should be the focus of privacy- and
security-development initiatives. Nevertheless, there are still
precious few free-software apps for mobile devices that offer solid
security and privacy features. Time will tell if SMSSecure will fill
the gap opened by TextSecure's abandonment of text messaging, but it
is reassuring to see that the community cares about such matters.