Saturday, October 18, 2014

TextSecure for Android Devices

TextSecure is an Android-platform mobile phone application to encrypt text messages (SMS) as they are sent, or while they reside on your phone.

What you will get in return:
  • Text messages to other TextSecure users can be encrypted when sent.
  • Text messages are stored in an encrypted database on your device, protected by a passphrase.
  • If your phone is lost or stolen, your messages will remain unreadable to those without the passphrase.

1.1 Things you should know about this tool before you start

  • Using this application will prevent anyone from being able to read the content of your text messages, but will not hide the fact that you are sending messages, nor will it hide the destination of the message.
  • You should consider SMS costs, as establishing a secure connection for sending text messages will require TextSecure to use an SMS-message whereby both sides will send AND receive a message to establish this connection.
  • In some countries, an encryption programme such as TextSecure may be illegal or subject to legal constraints.

2. How to Install and Use TextSecure

List of sections:

2.0 How to Install TextSecure

Step 1. Download the app from from Google play store
Figure 1: TextSecure in the Google Play store.
Step 2. Install the app (by clicking the appropriate install button).
Figure 2: Permissions necessary for downloading.
Step 3. Read and accept the GNU license.
Figure 3: End User License Agreement.
Step 4. Create a password or passphrase to encrypt the data stored on your phone
Figure 4: Create and repeat a password or passphrase

2.1 Configuration and first-time setup

Step 1. Click on the TextSecure icon, and enter your TextSecure password.
Figure 5: Enter password or passphrase
Step 2. The application will ask you if you want to copy the existing text message database on your device. It is recommended to copy your messages in order to have them encrypted, and delete them from the old location.
 
Figures 6 and 7: Migrating text message database
Step 3. Check to make sure your old messages appear in the TextSecure app inbox.
Step 4. Delete your messages from their previous location.
At this point you are ready to use TextSecure as your texting application. Note: If you do not wish to exchange encrypted text messages, you can still use TextSecure to securely store the messages you send and receive, meaning that should you lose your device, they will remain unreadable to anyone who should find it.

2.2 Establishing secure communication

It is required to do a one-time secure connection per phone number with which you like to use TextSecure. To do this:
Step 1. Go to the Menu, and click on secure session
Figure 8: Menu options
Step 2. Enter or select the desired contact to Initiate Key Exchange
 
Figures 9 and 10: Secure session initiation.
Step 3. Press send.
Your TextSecure app will send a message to the recipient, whose TextSecure app will AUTOMATICALLY respond with a message to establish a secure connection. This process must be carried out once for each phone number or contact.
 
Figures 11 and 12: Key exchange messages.
Step 4. When the secure connection with this contact is established, a locked padlock icon will appear on the top-left corner.
Figure 12: Key exchange message sent.
Note: You can change the settings to prevent TextSecure from replying automatically by choosing Menu, and then Settings
Figure 13: Menu options
Step 5. Scroll down to Complete Key Exchanges. This option will automatically complete key exchanges for new secure sessions or for existing sessions with the same identity key.
Figure 14: Settings.
Step 5. Uncheck the box to turn this option off as it appears below.
Figure 15: Complete Key Exchanges unchecked.

2.3 Identity verification

To verify that connection you established is with the right person, you can follow these steps.
Step 1. Select the text message that was automatically sent by TextSecure to establish the secure connection.
Figure 16: Sample selected text message
Step 2. Select Menu and then tap Secure Session Options to activate the following screen:
Figure 17: Menu options
Step 3. Tap Verify Recipient Identity. This will display a set of characters for you as well as the person on the other side.
Figure 18: Secure session options.
Step 4. Contact the other person (via phone or other secure channels) and confirm they see the same set of characters.

2.3 Exchanging encrypted messages

Step 1. Tap the TextSecure icon.
Step 2. Compose a new message.
Figure 19: Home screen.
Step 3. Select the desired contact.
Figure 20: Contact selection field.
Step 4. Verify the padlock appears in the send button to signify that your text will be secure.
Figure 21: Message composition field
Step 5. Write the message.
Figure 22: Sample message.
Step 6. Click Send.
Important: If the padlock doesn't appear next to the send button as you are writing your text message, it means that the message you will be sending is travelling in plain-text, and is can be intercepted and recorded along the way.