1) On KitKat, unencrypted SMS messages are never stored in
TextSecure unless it is set as the system-wide default.
2) On KitKat, if TextSecure is set as the system-wide default,
provide an option to change the default to a different app.
3) Don't store the TextSecure challenge on KitKat+ devices.
1) If the SMS fallback preference is disabled, no outgoing
messages will succeed via the SMS transport.
2) If the SMS fallback preference is disabled, "mirroring" the
SMS db state when not the default system SMS app is disabled.
The theme from the manifest is used for the startup animation.
Previously light background with a dark actionbar and the
green icon was displayed during the startup animation, then
the theme switched to whatever is configured in settings.
Now a black background without actionbar is used for the
startup animation. This was chosen because a black "flash" when
using the light theme is visually less distracting than a white
flash when using the dark theme.
1) Move the attachment structures into the encrypted message body.
2) Encrypt attachments with symmetric keys transmitted in the
encryptd attachment pointer structure.
3) Correctly handle asynchronous decryption and categorization of
encrypted push messages.
TODO: Correct notification process and network/interruption
retries.
On Jelly Bean and above:
- Use the standard notification style for a better and consistent visual
appearance
- Use the JB notification actions API for the locking action
- Use a lower notification priority to prioritize other notifications
over TextSecure
On ICS:
- Use the existing custom notification layout
Everywhere:
- Allow opening the app itself from the notification
- Simplify strings: don't talk about a "cached passphrase" but about the
app being "unlocked"/"locked"
Remove unnecessary and redundant nested layouts, fix the alignment of
the unlock button to the right edge of the screen, use cleaner margins
and replace the deprecated fill_parent sizes with match_parent.
1) The system does actually enforce having a BROADCAST_SMS
permission on the SMS receiver. Break out the "delivered"
parts of this into a separate Receiver, so the permission
won't trip up GB devices.
2) The system does actually enforce having "quick response"
intents. Add a no-op for now.
3) Add a "make default" prompt.
4) Update settings to reflect what's going on in KitKat.
Look like an Android app from 2013.
Remove the redundant Gingerbread button styles from buttons to
automatically use the Holo theme on phones that don't run a 3+ year old
operating system.
Create a new style for horizontal progress bars that uses the Holo
progress bar style on v11 and above.
1) Added a new message status to MmsDatabase to
signify a pending MMS download which requires
APN settings.
2) Added a database method to query MMS messages
based on status.
3) Added login to SendReceiveService for processing
of MMS pending APN information.
4) Moved all APN/MMS settings into ApnPreferencesActivity
and transformed PromptApnActivity into a simple
informational activity.
5) Added logic to check for APN settings on send and
receive of all MMS (media, group, email) and direct
user to PromptApnActivity then ApnPreferencesActivity
if necessary.
6) Vocab/grammar adjustments.
I felt that the description of what "in-thread notification" could be difficult to understand for some. This is better, I think (though I'm not fully satisfied).
1) ABS is now published as an AAR, so we can eliminate all local
dependencies and bundled jars.
2) Upgrade to ABS 4.4.0 (The Last Release) and deal with the loss
of Sherlock.Dialog by faking it with our own themes.
3) Remove all traces of ant. The modern world is here.
1) Allow imports from the stock SMS database at any time.
2) Provide plaintext export support, in a format compatible with
the "SMS Backup And Restore" app.
3) Fix the DB weirdness on encrypted restore that previously
required killing the app.
1) Broke out the UI elements of the major Activites into stylable
attributes.
2) Created a 'light' and 'dark' theme for the newly stylable attrs.
3) Touched up some of the UI spacing.
4) Implemented dynamic theme switching support.
1) There is no longer a concept of "verified" or "unverified."
Only "what we saw last time" and "different from last time."
2) Let's eliminate "verify session," since we're all about
identity keys now.
3) Mark manually processed key exchanges as processed.
1) We now delay MMS notifications until a payload is received,
or there's an error downloading the payload. This makes
group messages more consistent.
2) All "text" parts of an MMS are combined into a second text
record, which is stored in the MMS row directly rather than
as a distinct part. This allows for immediate text loading,
which means there's no chance a ConversationItem will resize.
To do this, we need to include MMS in the big DB migration
that's already staged for this application update. It's also
an "application-level" migration, because we need the MasterSecret
to do it.
3) On conversation display, all image-based parts now have their
thumbnails loaded asynchronously. This allows for smooth-scrolling.
The thumbnails are also scaled more accurately.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
Yet another setting that most users will never touch. Workaround for
those who would is to use a different identity key per device.
Let this be a sacrifice to the android settings design pattern gods.
The vast majority of users will never uncheck this option. Those who
would can send an unencrypted untagged message through the system sms
app. It would then be stored locally in the clear, but it was already
transmitted in the clear and likely stored on the recipient's side in
the clear, so the security gains of locally encrypting are low, and
again, this seems an extremely rare edge case.
By android design pattern specs for the settings menu, we should kill
this preference.
Android design pattern best practice recommends placing the settings
menu item below all other items because it's not frequently needed.
In that spirit, I've also moved the clear passphrase option to be first
since it is likely to be used more often than database import/export.
See WhisperSystems/TextSecure#139
This fix involves setting transcriptMode to normal on conversation view,
which resolves the issue but comes with the side effect that if you
have scrolled away from the bottom of the list, new incoming messages
will not trigger auto-scroll as they arrive.
Currently we're flipping the radio in "MMS" mode, and connecting through
any proxies specified in the APN. This always work, or at least doesn't
seem to work on Sprint, since the configured mms proxy rejects proxy
requests.
Instead we try the following in this order:
1) Connect over normal data connection directly to MMSC.
2) Connect over MMS radio connection to MMSC.
3) Connect over MMS radio connection with any configured proxy to MMSC.
Hopefully this doesn't fuck up shit on other unknown networks.
1) Update the create, prompt, and change passphrase activities.
They are no longer dialog themed, and should look a little
less ugly.
2) Update the import DB activity to be less ugly and more robust.
3) Abstract all of the state handling stuff out of
ConversationListActivity. This is now handled by RoutingActivity,
which all launch intents move through.