App of the Day: TextSecure for Android

Written by Mat Lee

Looking for a great secure messaging app for your Android device? TextSecure for Android is a great choice, says Mat Lee. Here’s his review.

aNewDomain — If you’re searching for an SMS app to replace whatever stock messaging app came with your new Android phone, my choice is always TextSecure.

textsecureBrought to you by the great developers at Open Whisper Systems, I’ve been using TextSecure’s secure messaging app with my Verizon Galaxy Nexus ever since I (finally) finished with Handcent. After four years of solid, everyday use with TextSecure I’ve never looked back. It’s true that in the early days the app wasn’t the best to look at, but honestly, neither was Android.

Open Source

Back when people first started to hear about fun government spying, there really wasn’t much of a security focus in messaging apps, and if there was, it wasn’t focused on mainstream users. After the Snowden leaks came into the public eye and more people were paying attention to issues of security and privacy, many of the popular messaging apps still paid little attention to security. And if there was secure messaging functionality at all, it was closed source or poorly implemented.

In general, I’m a big fan of open source software. I believe that the more people at large that have access to the source code of any piece of software, the better and more secure the software is likely to be. Crypto is so complicated that it’s tough to get the implementation bulletproof.

It’s even more difficult if the code is limited to only the people who created it. Just ask any of the big companies who’ve made headlines because they couldn’t protect their databases. If they had used open source software, the code would have been pounded again and again by many different people — keeping the data much safer.

With open source software like TextSecure, anybody can hammer away at the code to help find the bugs in the crypto implementation. Over time, this makes for a very secure messaging app. If you want to see what I mean, check out the TextSecure source code on GitHub to see for yourself.

textsecureHow TextSecure for Android Works

So, maybe you’re wondering how TextSecure works? I’m not going to get into the whole crypto implementation of the new TextSecure messaging version 2 protocol, because smarter people than I have already written it up.

To put it in quick and dirty terms, once you install TextSecure and give it a password, it’ll generate your keys and just like magic you are ready to go.

I use TextSecure in two ways. The first is to have it encrypt my local text message database. In the options there is a setting that will timeout the passphrase. I check this setting and then set a timeout that is applicable to my use. If you set it too low, you’ll always be entering your password, but if you set it too high, someone might have a chance to get your messages before the timeout occurs.

This feature is great if you ever lose your phone or have people who like to snoop through your phone while it happens to be out of your sight. Once the timeout happens, your messages are encrypted and you’ll have to enter your password again. I would show you screenshots of this, but another cool feature is that TextSecure blocks screenshots. That will make sure no one can screen-capture your messages when you aren’t looking. Very helpful.

The second way I use TextSecure is to encrypt messages sent to my friends who are also using TextSecure. When TextSecure detects I am messaging another TextSecure user, it will automatically complete a key exchange with that user and encrypt all messages to and from them — end-to-end style.

The new protocol defaults to using the data channel to send encrypted messages, but if there is no data connection, it will encrypt over the normal SMS channel. If you are the super-paranoid type, when you are in person with the individual you are messaging, you can verify their key. That way you know you are sending messages to the person you think you are.

Along with the easy key exchange in the new version of the app, they have cleaned up TextSecure’s interface and made the group chat capability much better. TextSecure is definitely the first app I install on my phone whenever I upgrade, and you should, too. Hit the Google Play Store page for TextSecure (it’s free!) and start texting more securely right now. Also you should consider the best texting services today.

Are you an Apple iPhone user? Don’t fret. Signal — the iOS version of the app — is available on iTunes. Look for our review of that version soon.

For aNewDomain, I’m .

All screenshots:

Featured image: Unlock my Heart by Holly Victoria Norval via Flickr