Encrypting SMS messages and phone calls on Android

Thu 21 March 2013

Much of our daily lives are contained within our smartphones and computers.  Email, text messages, and phone calls all contain bits and pieces of information that, in the wrong hands, could harm our privacy. Unfortunately many people either don't understand how vulnerable their data is when sent across the Internet (or another commercial circuit) or just don't care.  While I don't have much to say for the crowd in the latter category (can't fix stupid) I do try to help people in the prior category understand that any network outside of their control is fair game for pilfering and that basic protections need to be taken to protect themselves.  While I'm not going to dig into how data can be intercepted (there are plenty of articles out there on the subject) I would like to talk about how one can use tools to protect their data when using an Android smartphone.

Until recently email was the only easily-encrypted mode of communication.  Most people didn't have the means of encrypting their phone conversations and certainly not their SMS messages (unless you happen to be using a SME-PED, but those things are terrible in other ways).  Now, Whisper Systems have released two open source programs that allow you to protect your communications.  The first is called "RedPhone".  This program encrypts your phone conversations and allows you to converse securely.  The second program is called "TextSecure" and encrypts text messages using authenticated, asymmetrical encryption.

I like the way TextSecure manages keys and allows you to verify the user's key directly so you can establish trust.  RedPhone appears to use the trust in the phone number for authentication.  RedPhone also provides encryption opportunities when the distant party also has RedPhone on their device which is a nice feature that I wish TextSecure also provided.  Both of these programs are very easy to use and need very little configuration.

TextSecure also provides an encrypted container for all your text messages so that your text messages are secure if the attacker has physical access to the device.

And OpenPGP is still a great option for protecting your email communications but that is a topic for later.

By Sparks, Category: Information Security

Tags: RedPhone / TextSecure / Whisper Systems / Confidentiality / Encryption / Integrity / Security /