1) Move the attachment structures into the encrypted message body.
2) Encrypt attachments with symmetric keys transmitted in the
encryptd attachment pointer structure.
3) Correctly handle asynchronous decryption and categorization of
encrypted push messages.
TODO: Correct notification process and network/interruption
retries.
1) Add encryption support for the transport layer. This obscures
metadata from the push messaging provider.
2) Better support the direction multiple destination messages is
headed (one unique message per recipient).
1) Added SMS transport support.
2) Keep track of whether a PreKeyBundle message has gotten
a response, and send them as subsequent messages until
one has been received.
1) Move all the crypto classes from securesms.crypto.
2) Move all the crypto storage from securesms.database.keys
3) Replace the old imported BC code with spongycastle.
1) Make the radio change a synchronous action with a timeout.
2) Move the send logic into an MmsTransport, in preparation for
UniversalTransport composition.
3) Move the download logic into a synchronous receiver.
On Jelly Bean and above:
- Use the standard notification style for a better and consistent visual
appearance
- Use the JB notification actions API for the locking action
- Use a lower notification priority to prioritize other notifications
over TextSecure
On ICS:
- Use the existing custom notification layout
Everywhere:
- Allow opening the app itself from the notification
- Simplify strings: don't talk about a "cached passphrase" but about the
app being "unlocked"/"locked"
Messages that are not "secure" (encrypted or key exchange) are
automatically marked as read if TextSecure isn't the default
KitKat SMS app.
This change in functionality allows people who aren't using
TextSecure as a default SMS app on KitKat to still receive
notifications when they get incoming encrypted messages.
1) The system does actually enforce having a BROADCAST_SMS
permission on the SMS receiver. Break out the "delivered"
parts of this into a separate Receiver, so the permission
won't trip up GB devices.
2) The system does actually enforce having "quick response"
intents. Add a no-op for now.
3) Add a "make default" prompt.
4) Update settings to reflect what's going on in KitKat.
1) Added a new message status to MmsDatabase to
signify a pending MMS download which requires
APN settings.
2) Added a database method to query MMS messages
based on status.
3) Added login to SendReceiveService for processing
of MMS pending APN information.
4) Moved all APN/MMS settings into ApnPreferencesActivity
and transformed PromptApnActivity into a simple
informational activity.
5) Added logic to check for APN settings on send and
receive of all MMS (media, group, email) and direct
user to PromptApnActivity then ApnPreferencesActivity
if necessary.
6) Vocab/grammar adjustments.
1) ABS is now published as an AAR, so we can eliminate all local
dependencies and bundled jars.
2) Upgrade to ABS 4.4.0 (The Last Release) and deal with the loss
of Sherlock.Dialog by faking it with our own themes.
3) Remove all traces of ant. The modern world is here.
Regardless of which theme is used, the text color for the timeout
interval was being set to black. This made it difficult to
read when using the Dark Theme.
Not really sure how it's possible for the system to give us an
extra block of data, but it does if both the input and output
buffers are sized the same during the first decrypt. This
fixes things, but I wish I better understood why it was broken.
1) There was a regression in the outgoing multipart transport
logic, such that the same 'identifier' byte would be used
for all messages (0). This now works correctly.
2) Added some additional heuristics on the receiving side.
Now mutlipart containers are only valid for 1hr, and are
considered invalid if the container size is different from
the multipart message size.
Removed previous multiple comparisons that were variations of capitalizing the same phrase by converting the original phrase to all uppercase and then comparing
1) Allow imports from the stock SMS database at any time.
2) Provide plaintext export support, in a format compatible with
the "SMS Backup And Restore" app.
3) Fix the DB weirdness on encrypted restore that previously
required killing the app.
1) Broke out the UI elements of the major Activites into stylable
attributes.
2) Created a 'light' and 'dark' theme for the newly stylable attrs.
3) Touched up some of the UI spacing.
4) Implemented dynamic theme switching support.
1) Fixed the "Unsupported Encoding!" problem.
2) Workaround for the Sprint issue, where the MMSC is adding a single
extra byte to the end of each encrypted message.
3) Fixed the "large blob of base64 text" on encrypted MMS problem.
1) There is no longer a concept of "verified" or "unverified."
Only "what we saw last time" and "different from last time."
2) Let's eliminate "verify session," since we're all about
identity keys now.
3) Mark manually processed key exchanges as processed.
On some systems, the DB upgrade was failing because there were
too many rows for the cursor window. This moves some looping
operations into single update statements by using the substr()
command, and chunks the rest using a series of LIMITs.
1) Display the individual sender name in a group conversation.
2) Add an "address" column to MmsDatabase and keep FROM there.
3) Remove all blocking operations from MmsDatabase.Reader path.
4) Strip SMIL and other undisplayable parts from part count.
5) Fix places where messages weren't being correctly decrypted.
1) We now delay MMS notifications until a payload is received,
or there's an error downloading the payload. This makes
group messages more consistent.
2) All "text" parts of an MMS are combined into a second text
record, which is stored in the MMS row directly rather than
as a distinct part. This allows for immediate text loading,
which means there's no chance a ConversationItem will resize.
To do this, we need to include MMS in the big DB migration
that's already staged for this application update. It's also
an "application-level" migration, because we need the MasterSecret
to do it.
3) On conversation display, all image-based parts now have their
thumbnails loaded asynchronously. This allows for smooth-scrolling.
The thumbnails are also scaled more accurately.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
Yet another setting that most users will never touch. Workaround for
those who would is to use a different identity key per device.
Let this be a sacrifice to the android settings design pattern gods.
The vast majority of users will never uncheck this option. Those who
would can send an unencrypted untagged message through the system sms
app. It would then be stored locally in the clear, but it was already
transmitted in the clear and likely stored on the recipient's side in
the clear, so the security gains of locally encrypting are low, and
again, this seems an extremely rare edge case.
By android design pattern specs for the settings menu, we should kill
this preference.
Provides an in-app source for APN info for use in the case that the
device store is unavailable and the user hasn't provided local
connection parameters.
Only covers T-Moble USA, AT&T, and Verizon right now. Only T-Mobile is
tested. Other carriers can be added and tested on an ongoing basis.
Currently we're flipping the radio in "MMS" mode, and connecting through
any proxies specified in the APN. This always work, or at least doesn't
seem to work on Sprint, since the configured mms proxy rejects proxy
requests.
Instead we try the following in this order:
1) Connect over normal data connection directly to MMSC.
2) Connect over MMS radio connection to MMSC.
3) Connect over MMS radio connection with any configured proxy to MMSC.
Hopefully this doesn't fuck up shit on other unknown networks.
1) Update the create, prompt, and change passphrase activities.
They are no longer dialog themed, and should look a little
less ugly.
2) Update the import DB activity to be less ugly and more robust.
3) Abstract all of the state handling stuff out of
ConversationListActivity. This is now handled by RoutingActivity,
which all launch intents move through.
1) Consolidate all of the KeyCachingService interaction into a single
mixin. Activities extend delegates which call through to the mixin.
2) Switch Activity increment/decrement triggers from onStop to onPause
in order to account for some screen locks that don't stop activities.
1) If a message fails to be delivered, post a notification in the
status bar if that thread is not active and visible.
2) If a message fails to be delivered because there is no service,
keep retrying every time service becomes available again.
1) Refactor the master secret reset logic to properly interact with
services.
2) Add support for "BigText" and "Inbox" style notifications.
3) Decrypt message bodies when unlocked, display 'encrypted' when
locked.
1) Don't add a notification item to the notification bar if the thread the
message is for is active and visible.
2) Only sound the notification ringtone at 1/4th volume if the thread the
message is for is active and visible.
3) Auto-clear the notification in the notification bar when a thread becomes
visible from a screen-off situation.
4) Make notification updates asynchronous.
1) We record time sent in SMS database (date_sent).
2) We record time received in MMS database (date_received).
3) We union this information correctly in MmsSmsDatabase.
1) Switch back from AsyncTasks to an Executor and Futures.
2) Make the Executor operate LIFO.
3) Make the Executor thread a BACKGROUND_PRIORITY thread.
1) Refactor recipient class to support asynchronous loading operations.
2) Refactor recipient factory to simplify recipient access.
3) Consoliate everything into one recipient provider that is capable of
doing async lookups and intelligent caching.
1) Add configuration options for APN information in TextSecure settings.
2) Fall back to TextSecure settings if system settings are unavailable
while sending/receiving MMS.
3) Catch sqlite exception when devices randomly don't have the same
APN db or table structure.
1) When sending an SMS or MMS to multiple recipients, only show one
ConversationItem, but provide statistics on the number of recipients
delivered to.
2) Still break up the messages for secure and insecure messages.
Mostly, the inheritance graph for MessageRecord/MmsMessageRecord was
all messed up, and each class was overloaded for things it shouldn't
have been.
1) Broke MessageRecord/MmsMessageRecord up into: DisplayRecord, ThreadRecord,
MessageRecord, SmsMessageRecord, NotificationMmsMessageRecord, and
MediaMmsMessageRecord.
2) Updated all the adapters/views to keep pace with that change.
1) Add >= ICS profile support (the system-supported "me" contact).
2) Improve <= Gingerbread support for me contact by auto-detecting
contacts that have the same number as the SIM card.
3) Tie in identity key import/export support to the "me" contact.
4) Don't display a "me" selection option in preference if it can
be auto-detected.
5) Refactor out the ContactAccessorNewApi back into the base class.
1) Change the MessageSender logic so that individual SMS messages
are encrypted whenever there is a secure session, unless the UI
explicitly specifies otherwise.
2) Change the MMS logic so that messages to a recipient with a
secure session are all sent individually, instead of including
those recipients into the batch plaintext message.
You know, it's much more fun listening to you in a lecture theatre. :-P
Right; any nit picks now might have to wait 3 weeks, depending on
available connectivity. Hope I did not screw this one up.
This requires a few changes to Recipient in order to make sure we
have a Contact URI at click time. While we're at it, let's git rid
of the OldRecipientProvider, which was for pre-2.0 contact stuff
(no longer supported, woohoo!).
On platforms (API >= 11) that support receiving click events within
a notification, we change the notification format so that users
can "lock" TextSecure with a click.
For all platforms, we change the notification icon in the status
bar from a "lock" to an "unlock," to better reflect the situation.
This is all part of the master plan for eliminating the passphrase
timeout option.
1) Fix up the whitespace tagging so that it's a little more strict.
2) Don't display whitespace tags that we add to our own messages.
3) Make the tag detection prompt a little more visually pleasing.