The National Security Agency is continually clawing for user data, and cell phones are a big part of that effort. Cyanogenmod, the popular aftermarket Android firmware, is going to take the encryption wars up a notch by performing end-to-end encryption on text messages by default.

The developers have enlisted the help of Open WhisperSystems, a company founded by security and cryptography expert Moxie Marlinspike that makes open source encryption software for Android (and soon iOS). While anyone can send encrypted texts on Android using WhisperSystems' Android texting app TextSecure, Cyanogenmod's implementation is an encryption middleware, meaning there is no special SMS app required. Encryption is done at the OS level, so users can use the default or any aftermarket SMS app and all messages will be encrypted. One of the biggest barriers to encryption adoption is that it's usually very inconvenient, but CyanogenMod, Inc. says users won't notice a difference. Ars Security Editor Dan Goodin recently explained how TextSecure uses a cryptographic property known as "perfect forward secrecy" to add an additional layer of protection to real-time text messages. Goodin also found TextSecure to be highly convenient to use.

Open WhisperSystems laid out the full technical details of the encryption methods in a blog post:

The encryption layer is the TextSecure V2 protocol, which employs the Axolotl forward secrecy ratchet for forward secrecy and the 3DHE agreement for deniable messages. The TextSecure V2 cryptographic primitives are Curve25519, AES-256, and HmacSHA256. The transport protocol is the TextSecure Push API, which makes use of a prekey system to obtain forward secrecy in an asynchronous messaging environment.

There are some limitations, of course. End-to-end encryption requires that both the sender and receiver support it, so encrypted texts will only be sent to other users of CyanogenMod or TextSecure, but it's a good start. Messages are delivered over Google Cloud Messaging (GCM), Google's push messaging service, which will hold on to undeliverable messages. Metadata (e.g., sending and receiving phone numbers) is retained, but the message is encrypted. You'll need to install Google Apps in order to use GCM; this is normally an option for CyanogenMod.