TextSecure cannot be any more secure than the intentionally backdoored systems that they run on.
Your carrier can install arbitrary code, without your knowledge, on both your baseband and your SIM card, and depending on your phones implementation, have direct (as in DMA) access to your entire application processor and whatever OS and userland is running on it.
There is no way around this. If it's a mobile phone, it cannot possible be secure and cannot in any way be considered your device.
> If it's a mobile phone, it cannot possible be secure
That treats "secure" as a binary condition where something is either 100% secure, or it's just "insecure." It's somewhat like dividing Supreme Court judgments into those that are 9-0 and those that aren't, treating 8-1 decisions the same as 5-4. It's not wrong, it just throws out a lot of useful information.
"Secure" is an analog value for data just like "secure" is an analog value for physical objects. If you have a precious object, locking it up and hiring a security guard to protect it makes it more secure than leaving it on the front seat of your unlocked car. It's not very useful, when discussing various types of safe deposit box locks, to say "a safe deposit box can't possibly be secure since a bank robber can come and steal it." Things can be made more and more secure, but even Fort Knox has vulnerabilities.
Haven't looked at it in a while but when I did previously it was prone to the nearly universal Android issue of leaking data through AccessibilityService, which is basically this:
I leave my phone on my desk, Bob grabs it while I'm in the bathroom, turns on Unknown Sources, installs an apk from a known URL which implements an accessibility service that forwards all TextView contents over to his nefarious logging servers.
Once he installs this service (rooting and USB connection not required, just physical access to a non-PIN-locked phone and takes about 5-10 seconds to do if you've already posted an apk ready to install to some public url) it will always be running and come up on startup whenever the phone is rebooted and never show me any indication that it is running (unless the service ANRs or crashes or I go to the Accessibility settings page in the OS settings which I am unlikely to do as a user who doesn't require any special accessibility features).
Bob then puts my phone back and I begin to use it unawares. All of my data that is displayed to the UI at all is leaking regardless of how secure the network protocol is.
Take-aways:
If you are an Android user and care about things like secure chat being actually secure, PIN protect your phone or glue the phone to your skin so nobody can install an APK without your knowledge.
If you create an ostensibly secure Android app consider querying AccessibilityManager occasionally to take a look and see if any accessibility services are running and if they are indicate this to the user in some visible fashion that explains the risks, this allows people who have legitimate accessibility issues to use the app but mitigates the possibility of a data leak that the user is completely unaware of. Or alternately use an accessibility delegate on all your TextViews and other leaky widgets and have a setting in your app where when this filtering is disabled it is obvious to the user.
In response to ossreality's reply (you're hellbanned, btw, so your post is [dead] and I can't reply to it directly):
There's a huge difference between "enemy has your device and virtually infinite time to muck with it as he pleases" and "software that can be installed in a matter of seconds with no privilege escalation can subvert the security of nearly every app on your phone".
A few friends of mine really really tried to switch from Hangouts to TextSecure, but we couldn't do it - it was just too painful, complicated and buggy. We're using Telegram now and it's at least way better than Hangouts and TextSecure on the user experience, even though it's less secure than TextSecure.
Are there any good secure messengers out there that truly works cross platform (iOS, Android and Web/Win/OSX)? It's a shame that something like Telegram seems to be the best right now, considering its dodgy security model.
If your adversaries aren't nation-states, the mainstream chat applications (Facebook messages, Google Chat, and iMessage) all probably do a better job of protecting the integrity of their channel than Telegram does. If your enemies are capable enough to compromise Google Chat, you need to be using something without a dodgy security model.
I've not found textsecure to be buggy at all, can you explain your experience a bit more? My friends and I switched to it from surespot and love it. Its also a killer feature that it handles standard SMS as well. A single app for all messaging.
Also, wasn't telegram demonstrated to have awful crypto? Like basically pointless to use from an encryption standpoint?
I'm keeping an eye on the forthcoming Hemlis messenger which should have good crypto and launch on iOS/android and from the demo videos it has an awesome ui. However they're taking forever to launch the thing so who knows when it'll be out. Also it will need to be open sourced and audited before I trust it.
It suddenly, for no apparent reason at all, stops working until it is reinstalled. Messages are marked as being successfully sent, but they're not being received by the recipient. All my friends have the same issue.
Since it's only on Android I can't use it as the single app for all messaging. I certainly type much faster on my desktop keyboard than I do on my cell phone, so I need something with desktop support too. A lot of my friends also have iOS, which also is an issue.
Telegram's crypto is pretty weird, and potentially insecure - no doubt. However, it's the only messaging app I've found with good clients (superb in fact) on all platforms that has some level of encryption. I don't "need" (although I would certainly prefer) to be protected from targeted attacks, I need to be protected from mass surveillance.
We've noticed that some people have problems when they do weird stuff to their phones. We use GCM for delivery, so that can stop working with a custom gapps install, or a rooted firewall setup, or disabled background data for gcm. We have yet to receive a report where GCM stops working for people with completely stock installs. If that doesn't describe you, please file a bug so that we can help get things working.
For what it's worth, TextSecure also has delivery receipts now, so the sender can see what's happening with their message.
Just for the sake of having balanced anecdotes here for people who might be considering the switch to TS:
I recently started using TextSecure on my janky, crappy old Android phone and it is a _dream_. So far it has been strictly better that the native Android text app in every respect. The user experience is so different it's like night and day. Faster, lighter, quicker to load, better at sending messages while I'm in the subway with low signal, lets me keep typing the next text reliably while the old one is starting to send, etc. I could go on and on. I would use it just for the UX alone, even absent crypto.
I'm not in any way affiliated with TextSecure and frankly disagree quite strongly with some of Moxie's politics, but credit where credit is due. +1 very satisfied user.
Hmmm, I have not experienced these disappearing messages, although, maybe I have and I don't know it. I wouldn't know if one of my messages didn't go through to the other party would I? I will have to check with my friends and compare their message history to mine next time I see one of them.
Also, yeah I am desperately waiting on a secure messaging app that is has good crypto, ios/android, AND desktop support. So far there isn't one that fills all those, so for now I'll settle for good crypto rather than platform support. From what I understand, multiple logins from devices using the same identity is really hard for good crypto? I'm not sure but that'd explain why all the top secure messaging apps don't do it. yet.
Being open source and audited also matters a lot to me.
It's inconvenient to use Telegram on many devices (e.g. desktop/mobile), because their "secret chats" are not synchronized between them (e.g. your friends have to keep two contacts "kristofferR – Mobile" and "kristofferR — Desktop", right?).
If you are not using "secret chats", their default chats are not end-to-end encrypted, so are not comparable to TextSecure.
I've had all sorts of issues with the push messaging causing some crazy infuriating problems... had to disable it on my end and on friends phones too.
Also had some oddness where two friends with identical handsets - one couldn't set TextSecure as the incoming SMS client even though the other could...
It's great, I rave about it and try and talk everyone I know into using it, but there are some odd issues occasionally...
My uneducated opinion is that this has to do with all the junk layered on top of Android by the phone manufacturer. I've got a Nexus 4 (old flagship, vanilla Android) and TextSecure has not given me an iota of trouble.
I tend to agree. My vanilla nexus devices haven't had any problems at all (except for the push bits)... In fact, virgin android in general is extremely swish and pleasant to use.
I think "basically pointless" is when there's a known vulnerability that renders the encryption pointless. I think Telegram's more like "bad-smelling and while no exact vulnerabilities are known (since no one cared to audit), it's probably dangerous."
The constant silent failure to either send or receive texts. I can send my father textsecure messages but any he sends to me disappear in the ether somewhere
It suddenly, for no apparent reason at all, stops working until it is reinstalled. Messages are marked as being successfully sent, but they're not being received by the recipient. All my friends have the same issue.
Non-related to TextSecure, I've tried to use GCM to send notifications about faulty servers and found it quite unreliable. It seem to work fine when the phone's on and has a good WiFi connection, but seem to lose messages in real-life conditions. Not to the extent to completely stop working, just a packet loss, though.
How strange! The only issue I've seen has been to do with changing handset and needing to re-associate a phone number with a new key. There's a menu option for that which was quite well hidden.
I shall watch out for new issues as the iOS version gains functionality.
Mine almost never can properly receive MMS messages. Either I just don't get them or it can't download the attached image. It also has problems getting group messages. I've switched back to the stock messaging app.
I've been using Threema [1] without any issues, and it works on Android and iOS. The user experience is on par with WhatsApp, I would say. The source is not available, so you must be willing to take their claims at face value [2].
> Are there any good secure messengers out there that truly works cross platform (iOS, Android and Web/Win/OSX)? It's a shame that something like Telegram seems to be the best right now, considering its dodgy security model.
XMPP+OTR has been supported on major platforms for years (and for decades without OTR). It offers all the features the above Telegram/TextSecure/etc offer, and is descentralized, so you don't rely on some arbitrary third-party.
It depends on the threat profile. Something can be "secure from a MITM on the coffee shop wifi" without necessarily being "secure from a directed attack by the NSA".
For any practical security scheme, you do have to make some assumptions about the limitations of your adversary's capabilities. In the extreme case of "attacker has ability to read contents from memory on the end user's machine at will," I'm not aware of any secure cryptographic solution short of memorizing the key and performing all encryption/decryption by hand.
To add to this, there is a time component as well. If your data only needs to be secure for 20 years, it has a different threat profile than one that needs to be secure for 200 years. Then the question becomes "20 years for who?". The safe industry, as an example, thinks about their security problems in this manner.
Pro tip: to use TextSecure and RedPhone with Google Voice, enter your Google Voice number, let the SMS validation time out and then retry the validation by phone call.
OTR on XMPP is alright. I use ChatSecure on Android, Pidgin/Adium on Linux/Mac. It has some issues with multiple devices being logged on at once, but that's alright.
I use Telegram too, because it is easy to use, secure, and you can use it even in Windows 7. If we don't have internet we switch to Babel Full, which works both on Android and iOS.
What I actually haven't understood yet, is why people insist on using TexSecure, when it's in no way superior to XMPP (+OTR, if you want privacy), and is also centralized.
You even seem to be aware of the existance of XMPP, so why do you choose this new, inferior alternative?
As far as I know, XMPP requires keeping a connection alive when you want to receive realtime messages. On most mobile OS, keeping alive that connection and responding to it requires keeping the CPU awake, which severely affects battery life.
TextSecure can use the mobile OS's built in push notifications, which gives you realtime message receipt without killing your battery.
XMPP may be superior when it comes to security/technology but TextSecure is superior when it comes to usability and practicality on mobile devices.
Your carrier can install arbitrary code, without your knowledge, on both your baseband and your SIM card, and depending on your phones implementation, have direct (as in DMA) access to your entire application processor and whatever OS and userland is running on it.
There is no way around this. If it's a mobile phone, it cannot possible be secure and cannot in any way be considered your device.