Secure Communication Comes To Android

An anonymous reader writes "Forbes is reporting that Moxie Marlinspike and Stuart Anderson's startup, Whisper Systems, has released a public beta of two Android applications that provide encrypted call and SMS capabilities for your Android phone. In the wake of recent GSM attacks, it'll be interesting to see if smartphones end up providing a platform that fundamentally changes the security we can expect from mobile communication."

What I'd like to see (a PGP/gpg variant).

[Anonymous Coward]

What I would like to see is a PGP/gpg utility for Android. The closest I can get to this is cross-compiling a statically linked gpg binary for ARM and running that in a terminal.

We'll know it's pretty good when it's outlawed

[bzzfzz]

We'll know it's at least OK if the FBI and CIA start lobbying congress to outlaw it.

We'll know it's pretty good if the NSA starts lobbying congress to outlaw it.

The government is absolutely convinced that law enforcement will come to a screeching halt if people can communicate casually without being subject to eavesdropping. This despite the courts' general distaste for such evidence (people rarely speak candidly in phone conversations regarding criminal enterprises and therefore establishing context and the meaning of codewords becomes a prosecutorial hurdle), and the paucity of successful prosecutions built primarily on the strength of intercepts.

So we've had cryptography treated as a munition. And clipper. And CALEA.

Of course, if the keys are on a server somewhere they can always just subpoena them.

Re:Less useful

[stephanruby]

While interesting, these apps aren't that useful because the other caller would have to be using the same software for it to work which limits it to just a few people using Android with these apps.

These apps may not be useful to *you*, but they will certainly be useful to governments, a few companies, and some of the more vigilant/paranoid tin-foil hat wearers among us. In any case, what we need is a free open source solution that does encryption.

The number of Android users is not that big right now, but Android is coming very fast from behind [gartner.com], and with Google taking 0% of the commissions from their Market/App stores (leaving the entire 30% in perpetuity to the carriers/phone makers), I speculate that Android will really become the #1 dominant platform eventually.

Open standard.

[Ungrounded Lightning]

... these apps aren't that useful because the other caller would have to be using the same software for it to work ...

From TFA:

Marlinspike says the apps will interface with users' contact lists and other functions on the phone to take the hassle out of making calls and sending texts that can't be eavesdropped by third parties. ...

RedPhone uses ZRTP, an open source Internet voice cryptography scheme created by Phil Zimmermann, inventor of the widely-used Pretty Good Privacy or PGP encryption. ... [Similarly for the SMS system.]

Looks to me like the product uses defacto-standard encrypted communication tools and integrates them with the phonebook to make their use automatic when calling a contact with whom you can have an encrypted conversation.

So it looks to me like your encrypted communications wouldn't be limited to people using the same android app. You could talk to anybody using the same underlying "standard" scheme.

Why Not Use TOR As Well?

[no1home]

Since it's going out as a VOIP call, why not route it via TOR? Yes, it would likely slow down the talking a bit (great, I could finally take notes while still keeping up with the conversation), but it would make it that much more difficult to track down the caller and/or recipient. Might also work for the SMS if it's using an Internet-based route instead of the actual cell system SMS.