Let's talk about SMS for a minute: We all know that communication is completely insecure and that telcos routinely hand over all data to the government without even waiting for them to ask. So text messaging is compromised. What can we do?
A partial answer is to send encrypted text messages. The government still knows who you're messaging, and when, but they won't get the contents of the messages.
In order to send encrypted text messages, both you and the other party to this communication must have an app capable of doing encryption and decryption. Such an app is TextSecure, for android. It does text messaging using the OTR cryptosystem. It also saves your texts in an encrypted database on your phone.
Once you have this app, you can use it instead of the default "Messaging" app that comes with Android. It takes over all your texting duties, and you can use it to send encrypted texts to people who use this app, or non-encrypted texts to people who don't use this app. Due to the encryption overhead, you can only get 60 characters per encrypted text, instead of the, like, 140 or whatever for a plaintext text.
This app is open-source (of course, or I wouldn't be recommending it). You can, of course, download it for free at the google play store. If you want to do that, you don't need to read the rest of the post. Just get it and then start texting with me in an encrypted fashion.
However, if you are like me, you don't use the google play store because of privacy concerns. If you download apps from there, google knows that you've downloaded those apps. I don't like giving them that information. I don't even have the google play store installed on my phone. Instead, I use F-Droid, a separate app store that only distributes free, open-source apps, and lets you download them anonymously.
The problem is that the people who run F-Droid got into a little misunderstanding with the developers of TextSecure, so F-Droid doesn't distribute the app anymore. Briefly: There was a security bug. The TextSecure developers released the fix as a binary download on google play before making the fix available on their github repo. During this time, the developers of TextSecure found that f-droid was still distributing the out-of-date version (because they couldn't get the latest code), and asked them not to do that. The developers of TextSecure released their fix on github, but f-droid decided to take down TextSecure anyway. So now f-droid does not contain an encrypted SMS program.
So, your choices are: Give up your ability to download TextSecure anonymously, and get it from Google Play, or compile the app yourself. I chose the latter. I will now describe how to do that. Also, I will give you a third choice: Download the compiled, unsigned, app from here.
Here's how you compile the app:
- Make sure you have the Java Developer Kit
- Get the Android SDK
- Run the "Android SDK Manager":
- Install "Android 4.0.3 (API 15)". Important: Make sure you're using API 15. I have an old android phone, and I'm stuck with Android 2.3.3 (API 10), but you won't be able to compile the app unless you use API 15. Don't worry, the app compiled in this manner will still run on Android 2.3.3, due to the fact that its AndroidManifest.xml contains <uses-sdk android:minSdkVersion="8" android:targetSdkVersion="16"/>. Also, the special features from API15 can be emulated on earlier versions of Android by using ActionBarSherlock. More on that later.
- Once the API is installed, we must clone the git repos for TextSecure and for ActionBarSherlock.
% git clone git://github.com/WhisperSystems/TextSecure.git % git clone git://github.com/JakeWharton/ActionBarSherlock.git
- TextSecure requires a particular version of ActionBarSherlock -- an older version -- version 4.2.0. So we need to make sure that's checked out.
% cd ActionBarSherlock % git checkout -b 4.2.0 4.2.0 % cd ..
- Both of the projects need to have the same version of the Android Support Library. Let's use the one from TextSecure.
% cp TextSecure/libs/android-support-v4.jar ActionBarSherlock/library/libs/android-support-v4.jar
- Both projects need to be updated by the sdk. This is much like the "./configure" step in the gnu build system. Furthermore, TextSecure must be told to use ActionBarSherlock as a library project:
% android update project --path ActionBarSherlock/library/ --target android-15 --subprojects % android update project --path TextSecure --target android-15 --library ActionBarSherlock/library/ --subprojects
- My JAVA_HOME variable is not set properly, so I had to set it:
% export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-amd64
- Finally, you can compile TextSecure:
% cd TextSecure % ant debug
- You will now find bin/TextSecure-debug.apk. You can copy that to your phone and install it using a file browser, or you can copy it to a website and navigate to it to install it, or you can install it to your phone using the Android Debug Bridge which came with the SDK.
- Text me!