
Signal for Android: RedPhone and TextSecure in one app - pjf
https://whispersystems.org/blog/just-signal/
======
Tepix
Signal is pretty awesome, it's by far the best that we have right now:

    
    
      • state of the art crypto
      • open source
      • free as in beer
      • Available for Android and iOS
    

There are a few minor features that are missing but I can live with that.
However, there are also a couple of important shortcomings:

    
    
      • no decentralization
      • use of the phone number
    

I hope they can be fixed sooner or later.

~~~
IshKebab
But the centralisation and use of the phone number is necessary to make it not
shit. Anyway you forgot the important features:

* Nice modern UI

* Integrates with SMS

* Supports group chats

* Uses MMS for group chat if not all members have Signal

* Not really buggy or hard to use

~~~
vox_mollis
Huge respect for Moxie, but the requirement of a phone number really is a
dealkiller.

    
    
      1. Phone number requires a service provider
      2. Service provider owns the baseband and root of your phone.
      3. $government makes a "lawful request" of Verizon et. al.
         to install keyloggers/screenshotters on your phone.
      4. Your "secure" commms are compromised.
    

Signal needs to work on comprehensively rooted devices connected only via wifi
for the above threat model to go away.

~~~
moxie
If we were going to rank our priorities, they would be in this order:

1) Make mass surveillance impossible. 2) Stop targeted attacks against crypto
nerds.

It's not that we don't find #2 laudable, but optimizing for #1 takes
precedence when we're making decisions. It's totally possible for you to
install Signal on an iPod touch with a VoIP number, for instance, but that
takes more effort than the common case we're designing for.

~~~
blub
Any chance of not requiring access to the whole contact list? I think there
are pickers that allow selecting one contact - or better yet, one could allow
adding contacts inside Signal.

~~~
finnn
Probably not because they check that against the list of people who have
Signal installed so they can send encrypted messages to the people who support
it. They talk more about how they try to do this privately in [0].

[0]: [https://whispersystems.org/blog/contact-
discovery/](https://whispersystems.org/blog/contact-discovery/)

~~~
junto
I had a problem where one of my contracts uninstalled Textsecure, and went
back to the vanilla SMS app. Now all the messages he received from me are
garbled. Somehow they need a way to disassociate phones AFTER the app has been
uninstalled.

~~~
horusx
You can ask your contact to use the unregister app here
[https://whispersystems.org/textsecure/unregister/](https://whispersystems.org/textsecure/unregister/)

Apple offer a similar tool when leaving iOS
[https://selfsolve.apple.com/deregister-
imessage](https://selfsolve.apple.com/deregister-imessage)

------
redwards510
Wow, tough room! So much negativity. Whisper Systems, thanks for making
encryption simple enough that my Mom can use it, and open enough that I can
trust it. That is the success story here.

~~~
anonbanker
I can't wait to see the number of pull requests to their repositories for all
the bugs/features people are demanding!

~~~
gozo
That's not really how the world works though. People have de facto ownership
over projects. A lot of the features are things which the project have
repeatedly rejected. Very few people are going to spend time on things they
believe are futile. The technology isn't the problem here, it's the leadership
of the project.

------
verusfossa
TextSecure used to be on fDroid, then this happened
[https://f-droid.org/posts/security-notice-
textsecure/](https://f-droid.org/posts/security-notice-textsecure/). Now it's
a GPlay exclusive. I don't have GAPPS so now I can't get it. I'd assume many
privacy conscious people don't have GAPPS. I understand the technical hurtles,
but it's too big a pill to swallow.

~~~
rogerbraun
Just use Conversations. It can now use the same protocol and is the best XMPP
client there is.

I'm completely baffled that the Textsecure people insist on using the gapps
package, which is of course an extreme privacy risk.

~~~
finnn
> It can now use the same protocol

Conversations uses XMPP, not whatever custom stuff WhisperSystems worked up
for Signal. Are you talking about OMEMO[0]? That's their implementation of
Axolotl over XMPP. So same crypto, yes, but different protocol.

[0]:[http://conversations.im/omemo/](http://conversations.im/omemo/)

~~~
rogerbraun
That's what I meant, sorry for the confusion.

------
deckiedan
One of the reasons I didn't install WhatsApp is the sheer quantity of
permissions it wants (on Android).

Yes, I realise that this is part of Android's broken security model.

But the Signal app also wants access to practically everything. Device & App
History, Identity, Calendar, Contact, Location, SMS, Phone,
Photos/Media/Files, Camera, Microphone, WiFi Connection info and Device ID and
call info.

Call me paranoid, but making an app with all those permissions seems kind of
the obvious place for backdoors and similar.

If there was a 'light' version of the app which only required access the
internet, then I'd be much more likely to install and use it. (And maybe if I
ended up trusting it, then later install add-ons / the full version later).

~~~
iheartmemcache
I'm not associated with Signal or Moxie (though I've been a silent fanboy for
~15 years-- [[hey Moxie if you're reading this and still are hiring, ping me -
contact info is in my profile]]), but I'd inherently trust the application
more than an average application or company because: a) Moxie has a track
history of having a lot of personal integrity with regards to security. Some
might say this is blasphemous but I'd put him up there with Bruce Schieder. b)
The whole source is available on GitHub, compile the APK and see if it
matches. c) it's incredibly easy to take an apk and disassemble it, to see if
there are backdoors to begin with if you are really that cynical.

Don't get me wrong, I'm a tinfoil hatter. I use GPG, run my own MTA for
anything even remotely important, use DDG over Google, donate to the EFF and
use their HTTPS Everywhere plugin, have all of the Ad-Opt outs enabled that
Google/Doubleclick/etc make available but try to obscure, etc. I'd be willing
to bet that Google is collecting way more information than Signal is.

But hey, that's why rev-eng is so important. A wiser man than me once said
"Don't turn it on, take it apart" ;)

~~~
xenophonf

      compile the APK and see if it matches
    

Are deterministic builds possible with the Android toolchain?

~~~
finnn
F-Droid is working on this:

[https://f-droid.org/wiki/page/Deterministic,_Reproducible_Bu...](https://f-droid.org/wiki/page/Deterministic,_Reproducible_Builds)

------
oggy
This is great news, and thanks to everyone involved. I've been using
TextSecure for a while, and it's really "pretty good security made easy". Yes
it is not perfect for the super privacy-conscious (depends on Google Play
services and all that) and a fork with these features might be useful, but if
I understand the motivation correctly, the main goal is to make good crypto
accessible to the masses.

I do have a personal gripe with that, though. I'm hoping a "high up" might
read it so I am posting it here. The only people in my contact list who use
the app are crypto nerds. It's really hard to get traction. I thought that the
TextSecure people had a great idea to solve this chicken and egg problem; a
unified messaging app that would handle your sms, and send secure messages
wherever possible. One feature that I find is missing though, is the ability
to semd broadcast (unencrypted) sms texts. In my experience (Europe, people
around 30) this is used a lot, and a drop-in replacement for the built-in
messenger would need to have this.

Actually, I would like to see this happen so much that I would be willing to
do the work, if someone is willing to provide the handholding...

------
jugbee
Guys, cut with the negativity. I'm a crypto nerd as well, and with my other
truly paranoid friends we use Chatsecure which does not require your number,
is compatible with Tor, etc. However, my mom uses Signal, my father yesterday
called me via Signal and he's fuckin' 67 years old. That is truly amazing and
I admire Moxie et.al for the work they do.

Do you seem to forget that it is encryption for the masses. Not only for the
few tin foils like myself. And even if it uses GCM, it's still an great, since
i could never persuade my non-paranoid friends to contact me only via
Chatsecure. They would say - "why the fuck can't you be like a normal person
and use whatsapp or fb messenger?".

------
corney91
I really want to start using TextSecure (or Signal now I guess), but the only
thing holding me back is it depends on Google Play Services. I love what
they're doing and can understand the decision, but still thinks it sucks a bit
that the best option for secure communications is so tied into Google.

~~~
moxie
It seems like you don't want to install Google Play Services on your device.
My sense is that this isn't because you find the communication over GCM to be
inherently offensive (it's just a tickle, after all), but because you don't
want to run proprietary software.

There's a very small number of people who find this to be very important, and
my experience has been that the strategy is to loudly complain whenever
anything depends on play services. Just tactically speaking, I don't think
this is going to work in the end, in the same sense that simply refusing to
have a mobile phone won't work anymore -- slowly, the circumstances around
this technology will make it impossible to refuse.

What I don't understand is why nobody just writes an API-compatible open
source implementation of play services. Even if it only supported GCM and
nothing else, that'd unlock an enormous swath of apps, and would only require
writing a basic implementation of the GCM network protocol.

I'd love to know more if I'm misunderstanding the challenges around doing
that. Right now it's part of the reason that I don't pay much attention to
that crowd -- everyone seems very willing to complain, but nobody seems
willing to do what seems like pretty straightforward work to solve their own
problem.

~~~
gothenburg
There you go:

[https://github.com/microg/android_packages_apps_GmsCore](https://github.com/microg/android_packages_apps_GmsCore)

An open-source replacement of Google services. You can use Signal with this.

~~~
haffenloher
I wrote a little guide on how to set it up: [http://o9i.de/2015/10/23/howto-
gmscore.html](http://o9i.de/2015/10/23/howto-gmscore.html)

Has been working reasonably well for ~10 days now. Note that I'm on Android
4.2, so I might have missed something with regard to newer Android versions.

------
furyg3
Great! I've been using Signal for iOS and while it's not yet comparable to
WhatsApp feature-wise, it's for sure good enough to use.

I find it very difficult to get people to switch from the walled gardens of
iOS messaging and WhatsApp (WhatsApp dominates the Dutch market for
interesting historical reasons). I've been able to get a handful of privacy
conscious friends to switch to Signal/TextSecure, hopefully the cross-platform
branding makes this a bit easier.

~~~
acqq
> switch from the walled gardens of iOS messaging and WhatsAp

Doesn't Signal require my phone number? Isn't it dependent on the Whisper
servers? Why isn't it a walled garden then?

~~~
lsaferite
>Why isn't it a walled garden then?

Because the client and server are both OSS?

[https://github.com/WhisperSystems/TextSecure](https://github.com/WhisperSystems/TextSecure)

[https://github.com/WhisperSystems/TextSecure-
Server](https://github.com/WhisperSystems/TextSecure-Server)

~~~
acqq
Can I download the the Signal client from any store and then point it to my
own server instead of Whisper's?

Did anybody try to run his own server? Can such setup really work?

~~~
Natanael_L
You can run your own server, but there's no federation.

The reason for that I imagine is that they want a privacy preserving automatic
lookup method (a single server can confirm phone numbers and allow privacy
preserving contact list comparisons for its own clients), and aren't convinced
of using a model where the public key is the identifier instead of your phone
number.

~~~
acqq
Have you actually tried it, or do you know somebody who have tried? Is the
client really fully independent on Whisper servers? Can it work without the
mobile connection, just with WiFi?

Does the voice communication work?

I'm asking all this because it seems that the server code was earlier in "you
can look but it's not enough to run it" state?

~~~
pakled_engineer
I've run the server source as a private textsecure chat app. You can run your
own without the proprietary gapps framework app too by mimicking what GCM does
on your own back end, and it works with wifi if you change the identifiers to
email/nicks instead of phone numbers, but this was for a small number of
coworkers nothing of massive scale. This was for business communication from
China since at that time TS wasn't working very well behind the GFC but they
added another server around that time (I assume, all connections got better)
so we abandoned our hacked fork for regular TS/Signal.

------
sbt
I have been using Signal (and TextSecure before that) for a while. The two
features that would make me use it more would be:

1\. Web client. (I send most of my texts from my laptop, which means I use
Hangouts)

2\. Search messages on the client.

Thanks for a great product and keep up the good work.

~~~
lorenzhs
A browser extension for Chrome/Chromium is being worked on! You can track it
at [https://github.com/WhisperSystems/TextSecure-
Browser](https://github.com/WhisperSystems/TextSecure-Browser)

~~~
nailer
That's excellent. Installing and using GPG (or GPGTools or GPG Keychain or
whatever it's name is) on OS X is awful.

Something that's still OSS and cares about UX (like Signal on iOS) would be
fantastic.

~~~
rogeryu
> That's excellent. Installing and using GPG (or GPGTools or GPG Keychain or
> whatever it's name is) on OS X is awful.

I don't understand what's so difficult here. The biggest problem is
understanding how PGP works, and having to type a password now and then. I use
it all the time, to sign - not encrypt - my mail.

~~~
nailer
Finding the app (not the source code), finding out what three names mean (as
already discussed), finding which app to launch, realising it only works with
Apple Mail and the shell are all parts of the current experience.

Another study on a different client, but same thing:
[http://www.scmagazineuk.com/modern-pgp-is-unusable-
according...](http://www.scmagazineuk.com/modern-pgp-is-unusable-according-to-
academic-study/article/450835/)

------
Nexxxeh
As was mentioned on another HN thread, why the ridiculous name? "Signal" is an
already widely used term when talking about mobile communications. With cell
phones in particular.

"I'm trying to get signal on my phone" or "I'm trying to get Signal on my
phone". Great(!)

~~~
noja
Can you suggest a better name?

~~~
iheartmemcache
Naming conflicts are a major problem - legal trademark implications, branding
issues, searchability, etc etc. A name collision with someone, especially in a
remotely similar industry, is problematic.

IronChatApp.com is available. ("Steel"|"Lock"|"Forti"|<anything that conveys
security>) + ("Chat"|"Talk"|...).

I'm not sure, there are tons of professional marketing/branding/PR firms who
do this really well. TextSecure et al were acquired, IIRC. If the parent
company has 50k to throw around, approaching W+K might be a good investment.

Edit: Mea culpa. It was WhisperSystems not OpenWhisperSystems which was
acquired, both of which were founded by Marlinspike. This, incidentally,
proves my point that naming similarities (WS vs OpenWS) within a similar
domain (both mentally associated as "moxie" projects in my mind, in this case)
can lead to problems.

~~~
lorenzhs
> TextSecure et al were acquired, IIRC. If the parent company has 50k to throw
> around, approaching W+K might be a good investment.

No, moxie's previous company (Whisper Systems) was acquired by Twitter (iirc),
Open Whisper Systems is a different project. See
[https://en.m.wikipedia.org/wiki/Open_Whisper_Systems](https://en.m.wikipedia.org/wiki/Open_Whisper_Systems)
and
[https://en.m.wikipedia.org/wiki/Whisper_Systems](https://en.m.wikipedia.org/wiki/Whisper_Systems)

------
Omnipresent
Is Signal for Android open source like other things coming out of open
whisper? I didn't see it on their github page [0]

[0] [https://github.com/WhisperSystems](https://github.com/WhisperSystems)

~~~
scienhack
Signal for Android is effectively TextSecure v3+, with a new label. So it's
TextSecure repo that holds Signal's code.

------
amluto
What happened to short authentication strings? The SAS protocol is nicely
documented in the Silent Circle Instant Messaging Protocol paper [1], but when
I go to "Verify identity" in the app I'm asked to verify an obnoxiously long
pair of hexadecimal strings.

The phone call feature supports it (with a curious lack of documentation), but
it would be easy to imagine a UI that allowed verification without making a
phone call and without allowing users to screw it up: one phone shows the SAS
string, the other phone asks you to type it in, and neither phone allows IMs
to be sent while doing this.

~~~
JshWright
Axolotl (the crypto protocol used by Signal/TextSecure) never used SAS. The
calling feature uses ZRTP, which does do SAS.

------
newman314
I'm really hoping for some intersection of Signal, Ricochet.im and Burner.

* Signal for the security piece.

* Ricochet.im for the Tor (optional?) and anonymous endpoint

* Burner for the idea that we can have lots of throwaway identities (if so desired).

------
mtgx
Supporting android 2.3 is the equivalent of supporting Windows XP at this
point. Why do it? Those Android 2.3 devices will be vulnerable as hell anyway,
and I imagine it just makes it hard to support them, too, taking precious time
from working on new features or cryptography. IMO, you should support only
Android 4.1+ and up.

Also, I'm confused as to why Signal still asks to be my "default SMS app" when
I thought the code to encrypt SMS texts was removed from TextSecure? Why would
I still want my SMS's handled by Signal?

~~~
muppetman
Because you want to store them on your phone encrypted, so that no one else
can read them without knowing your passphrase?

Sure, the fact they're transmitted to your carrier in a 100% readable form
removes most of the benefit of this, but it can still stop prying eyes from
reading your texts.

Also, it's trying to be like iMessage. You have a single messenger, where you
default to unsecure SMS for those contacts that don't have Signal, but default
to secure messaging for those that do, all in the one app without you having
to think about it.

------
mrmondo
I'm glad it's not called RedPhone for Android users, they may get it confused
with YouRed I mean YouTubeRed I mean RedTube or whatever it's called now. In
all seriousness though - what was (is) with the trend of apps with Red in the
name? Red to me gives the idea of danger or something that's stopped /
blocked.

~~~
maxerickson
There's a long history of calling a secure phone a red phone, like the
connection between Moscow and Washington during the Cold War.

In the cheesy TV show from the 60s, Batman and the police commissioner had
literal red phones that they used to talk to each other.

~~~
mrmondo
Ah! That's quite interesting and now that you say it I of course remember
seeing red phones in films in such situations. Thank you for taking he time to
reply.

------
mtgx
Any ETA for the desktop version?

------
artichokeheart
As long as it still requires Google Play I'll still consider it snake oil.

~~~
newjersey
It uses Google Cloud Messaging. There needs to be a server in between and I
believe GCM is free. Consider a situation where Bobs phone is switched off.
Alice sends a message and turns off their phone. Now, Bob turns in their
phone. How do we get the message Alice sent to Bob?

~~~
a3_nm
Give me some open source code that I can run on my own server to manage the
notifications for me and for my friends, and allow me to tell the client app
on my phone to use it.

That's way better than forcing me to rely on a specific Google server and
protocol, which further requires proprietary software on the client.

~~~
moxie
See my comment here:
[https://news.ycombinator.com/item?id=10500188](https://news.ycombinator.com/item?id=10500188)

------
pasbesoin
I just updated, after which I checked the settings. I noticed that auto-
downloading in MMS text messages was enabled (moxie stated for a prior version
that it was not, at that time), whereupon I changed the settings to disable. I
may well be misinterpreting what I was seeing, but better safe than sorry.

(I'm stuck on Android 5.1 (not 5.1.1) on a Verizon phone. I was thinking of
the ongoing Stagefright problems.)

------
oha
If they would add support for sending pdf and doc files and any other file and
release a desktop client it would be an unbeatable messenger.

------
tabrischen
Unfortunately when I used Redphone previously the call quality is pretty bad.
The volume of the call would get screwed up and I know it's not to do with the
signals (lol) because I would hang up and call the person back without
redphone and it would work perfectly.

------
droopyar12
Redphone and Signal are all backdoor applications with bugs and exploits that
i have found. Even the server is backdoor. Nobody in the security scene could
use this, except a kid.

------
JshWright
Does the calling functionality support any wideband codecs? I've tried
RedPhone in the past, but the audio quality left a lot to be desired.

------
creshal
[https://www.reddit.com/r/netsec/comments/3rc9br/psa_signal_f...](https://www.reddit.com/r/netsec/comments/3rc9br/psa_signal_for_android_replaced/)

There seem to be concerns about the security of it.

~~~
Natanael_L
Seems like the persistence for automatic VoIP authentication confirmation is
currently disabled. Meaning you need to confirm our again each time. But have
they confirmed this is in the release, not just in a development branch?

------
venomsnake
Do they have ZRTP in the baseband of normal GSM call?

This is what I have been waiting for.

~~~
biokoda
No one has that

~~~
venomsnake
PrivateWave claim they have.

~~~
biokoda
No they don't. It's not mentioned anywhere on their website.

~~~
venomsnake
Who am I to argue. You could use a standard modem software to create a data
channel over voice.

[https://web.archive.org/web/20150303132755/http://www.privat...](https://web.archive.org/web/20150303132755/http://www.privatewave.com/pages/viewpage.action?pageId=5406768)

ZRTP/S

ZRTP/S is an extension to ZRTP protocol. It is designed to make ZRTP-secured
calls work across Circuit Switched communication channels such as the
traditional telephony networks (GSM, CDMA, PSTN, ISDN, etc) where internet
protocol is not available.

On these telecommunication technologies peers can have a sort of “serial
connection” through which they send and receive raw digital data.

The communication channel is so narrowband (9.6kbit/s) that it is not possible
to run IP (internet protocol over IP) over it.

So, PrivateWave and Philip Zimmermann jointly designed and implemented ZRTP/S.
It is a transport and security protocol for Voice over Circuit Switched
channel, carefully adapted to be extremely narrowband and minimalistic.

After a year of researching and development, PrivateWave created a library,
libzrtps. The library allowed PrivateWave to release the 1st version of
PrivateGSM product - PrivateGSM CSD. It allows users to communicate securely
in a point-to-point fashion with the ZRTP end-to-end encryption protocol and
with a bandwidth as small as 5400bit/s.

Full specification of ZRTP/S and Source Code will be soon published. Anyone
willing to create his own project, improve and eventually establish
interoperability between Circuit Switched secure telephony (ZRTP/S over GSM)
and Packet Switch secure telephony (ZRTP over IP) can benefit from the
publications.

Interoperability represents one of the design goals of the ZRTP/S protocol.

~~~
biokoda
Their android app description says they need an IP enabled network. GSM is not
it. They may have it in their lab, but it's not in a real life useful product.
Because it is not possible.

------
JulianMorrison
Why not on my Nexus 7?

~~~
justcommenting
If you use a Nexus 7, you probably have a Google account, so you could use a
Google Voice number to register.

~~~
maxerickson
Google Play doesn't make it available to the Nexus 7 (at least, I don't see it
on mine).

