Open Whisper Systems is phasing out support for encrypted SMS and MMS messages in its TextSecure messaging product. The move does not spell the end for encrypted messaging for users of the Android app, as the company plans to switch to its own transport protocol to address some of the security and performance issues inherent in SMS.
TextSecure is more than five years old, and when it first became available, it was one of a tiny handful of products providing encrypted messaging. The app is free and it predates by a long while the slew of similar products that emerged after the Edward Snowden revelations raised the stakes on security and privacy for many users. But the environments has changes, as have the ways that people use their phones, and Open Whisper Systems is moving away from SMS to its own transport system for encrypted messaging.
“The TextSecure story started back in 2009, at the dawn of the smartphone era. Back then, TextSecure focused on securing the transport that everyone coming from feature phones was familiar with: SMS. Today, many things have changed, and TextSecure now emphasizes the ‘TextSecure transport,’ which uses data rather than SMS. While we remain committed to supporting plaintext SMS/MMS in addition to the encrypted TextSecure transport so that the app can function as a unified messenger, we are beginning the process of phasing out support for SMS/MMS as an encrypted transport in favor of the TextSecure data protocol,” the company said in a blog post.
One of the reasons that the company is moving to its own transport protocol for encrypted messaging is the security issues with SMS. Text messages sent over SMS are routed through carriers’ infrastructure and as they move along, they leave traces everywhere. This runs counter to what an encrypted messaging app is trying to accomplish.
“They leak all possible metadata 100% of the time to thousands of cellular carriers worldwide. It’s common to think of SMS/MMS as being ‘offline’ or ‘peer to peer,’ but the truth is that SMS/MMS messages are still processed by servers–the servers are just controlled by the telcos. We don’t want the state-run telcos in Saudi, Iran, Bahrain, Belarus, China, Egypt, Cuba, USA, etc… to have direct access to the metadata of TextSecure users in those countries or anywhere else,” the company said.
The TextSecure transport protocol uses data rather than the SMS system, something that makes it more accessible and economical for users in locations where text messaging over SMS is very expensive.
Another consideration in the change to the TextSecure protocol is that Open Whisper Systems has released an iPhone secure messaging app called Signal. The move away from SMS will allow TextSecure to become compatible with Signal.
“We recently launched Signal for iPhone, which includes support for TextSecure-compatible messaging. However, iOS does not have APIs that allow us to programatically send/receive SMS messages. This means that encrypted SMS messages to iPhone users won’t work, which creates potentially confusing compatibility issues for users,” the company said.
The next version of TextSecure, 2.6.0, will be the last one to include support for encrypted SMS and MMS.