In light of the recent surveillance scandals that have hit the USA and to some extent the UK, the key developers for the CyanogenMod project have been adding some new privacy features to the alternative Android firmware. First, the Run in Incognito Mode, which limits as apps access to your personal data at a system level, has now been integrated into the nightly builds under its new name of Privacy Guard. Even more interestingly, Koushik Dutta has started to integrate a secure (encrypted) messaging service for devices running CM.
The philosophy behind the new PushSms app/plugin, which is still under heavy development, is that the encryption should be handled in the background without the user needing to worry about how it works. The idea is that all messages exchanged between two CyanogenMod devices will be encrypted end to end and sent over Google Cloud Messaging. Since the encryption is build into the bowls of CyanogenMod, it works transparently, even with third party apps. Dutta has done some extensive testing with apps like GoSMS to check that the encryption happens for all messages, regardless of how they are sent.
This new privacy feature in CyanogenMod works because of some clever changes in the telephony framework. Now SMS messages can now be intercepted, encrypted and then sent via the Google Cloud Messaging service if needed.
According to Dutta, this is how Apple’s iMessage works and it is reckoned that governments aren’t able to spy on iMessage traffic. The use of encryption over iMessage is transparent as iOS encrypts the messages automatically when they are sent between two Apple users. SMS is only used when needed.
What do you think? Clearly the CyanogenMod changes are brilliant, but shouldn’t Google be doing something like this in stock Android?