Google could tweak Android, in a pretty simple way, and make it immensely easier for anyone, not just geeks, to do cryptography with a nice user experience. All the pieces are there ready to go.

[Note: I posted this first over on Google+ because I was trying to reach the Android group, and there’s some useful discussion. But I thought I should replicate it here where I can stretch out a bit and show examples. Some of the material here assumes you know Android-API basics.]

If you look at my screencasts showing off sending and receiving an encrypted message using the OpenKeychain Android app, you’ll notice they share an irritant: The stupid useless-to-humans encrypted text is visible; it looks like this:

Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools -

There can be no conceivable benefit in showing this junk to a person (present company excepted). However, you can see that the format is fixed (in 2007, in RFC 4880), and very easy to recognize.

Lock glyph

So, what Android programs like Gmail should do is, first, don’t show the stupid crypto gibberish, show a nice little glyph that means “there’s something encrypted here”. I’ve put one in the margin, but obviously the people in the Android group could come up with something more professional.

Second, when the person looking at the glyph wants to read whatever’s behind that lock, they can tap it. Then, the software should compose an Intent including this…


…which can be used to fire up the crypto app of the user’s choice. [Note: I guess you’d want to fire off a resolveActivity call first to make sure there’s something installed that can decrypt, and if it comes back empty, respond to a tap with a polite note about installing one of the several excellent crypto apps in the Play store.]
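To make the first step concrete, here is an added example (not code from this post, from Android, or from OpenKeychain) of recognizing RFC 4880 armor in message text and swapping it for a glyph, while keeping the block verbatim for the hand-off on tap. It is plain-JDK Java so it runs off-device; the class name ArmorScanner, the lock emoji and the sample message are assumptions made for illustration, and it only looks for the "PGP MESSAGE" armor type.

```java
import java.util.*;
import java.util.regex.*;

public class ArmorScanner {
    static final String GLYPH = "\uD83D\uDD12"; // lock emoji, a stand-in for the post's glyph
    // RFC 4880 sec. 6.2: header line, "Key: value" lines, blank line, base64, optional "=CRC", tail.
    static final Pattern ARMOR = Pattern.compile(
        "-----BEGIN PGP MESSAGE-----\\r?\\n(?:[A-Za-z]+: [^\\r\\n]*\\r?\\n)*\\r?\\n"
        + "((?:[A-Za-z0-9+/][A-Za-z0-9+/=]*\\r?\\n)+)(?:=([A-Za-z0-9+/]{4})\\r?\\n)?"
        + "-----END PGP MESSAGE-----");

    static int crc24(byte[] data) { // checksum from RFC 4880 section 6.1
        int crc = 0xB704CE;
        for (byte b : data) {
            crc ^= (b & 0xFF) << 16;
            for (int i = 0; i < 8; i++)
                crc = (crc & 0x800000) != 0 ? (crc << 1) ^ 0x1864CFB : crc << 1;
        }
        return crc & 0xFFFFFF;
    }

    static boolean checksumOk(String body, String crcB64) {
        if (crcB64 == null) return true; // the checksum line is optional
        try {
            byte[] c = Base64.getDecoder().decode(crcB64);
            int stated = (c[0] & 0xFF) << 16 | (c[1] & 0xFF) << 8 | (c[2] & 0xFF);
            return stated == crc24(Base64.getMimeDecoder().decode(body));
        } catch (IllegalArgumentException e) { return false; }
    }

    // Swap each well-formed block for GLYPH, keeping it verbatim in `found`; damaged blocks stay visible.
    static String hideArmor(String text, List<String> found) {
        Matcher m = ARMOR.matcher(text);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            if (!checksumOk(m.group(1), m.group(2))) continue;
            found.add(m.group());
            m.appendReplacement(out, Matcher.quoteReplacement(GLYPH));
        }
        return m.appendTail(out).toString();
    }

    public static void main(String[] args) {
        // Constructed sample: the payload is arbitrary ASCII, not a real OpenPGP packet.
        byte[] data = "constructed bytes, not a real OpenPGP packet"
            .getBytes(java.nio.charset.StandardCharsets.US_ASCII);
        int crc = crc24(data);
        byte[] sum = {(byte) (crc >> 16), (byte) (crc >> 8), (byte) crc};
        String armor = "-----BEGIN PGP MESSAGE-----\nVersion: constructed sample\n\n"
            + Base64.getEncoder().encodeToString(data) + "\n="
            + Base64.getEncoder().encodeToString(sum) + "\n-----END PGP MESSAGE-----";
        List<String> found = new ArrayList<>();
        System.out.println(hideArmor("Hi Bob,\n" + armor + "\nSee you Friday.", found));
        System.out.println(found.size() + " block(s) held for the crypto app");
    }
}
```

Checking the CRC-24 before hiding anything means a block mangled in transit stays on screen as text instead of turning into a lock that can never be opened.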

The other important thing is that Google should open-source license the lock graphic, as well as code that builds and fires the right Intent, while taking care of corner cases. Which would encourage anyone else who’s handling perhaps-private messages to Do The Right Thing.

It really wouldn’t be that hard at all.

Then anyone who wanted to could arrange for their messages to have Strong Privacy; and thus reduce the attack surface of the whole Internet.

October 12, 2014