Google could tweak Android, in a pretty simple way, and make it immensely easier for anyone, not just geeks, to do cryptography with a nice user experience. All the pieces are there ready to go.
[Note: I posted this first over on Google+ because I was trying to reach the Android group, and there’s some useful discussion. But I thought I should replicate it here where I can stretch out a bit and show examples. Some of the material here assumes you know Android-API basics.]
If you look at my screencasts showing off sending and receiving an encrypted message using the OpenKeychain Android app, you’ll notice they share an irritant: The stupid useless-to-humans encrypted text is visible; it looks like this:
-----BEGIN PGP MESSAGE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org

hQIMAwkuBalYH40qAQ/+J5NzcRNBdhcfipIzDal4cFEgvtfjFLvrEHMaWZn51h5m
EceX+ittkZNwOsDcTacyp2dnIzduqjShFN9Um7eLdkc1G1zENyyvasreB5G2IIMn
IRBCBxPC0nfnFpk+M/KrUCU3yl3oiBebtSwbIKhXsO9ujcWWp5x8uOfM4NcROKVa
HibbtE6YI+t0oZc9+BvidkiCQIZnwbG7Vojg8cNgXQXaFHLYsIS5dXQwVcfG5g4P
fI8qTcFtWNe6x4C3gE25Ztt5xim9JGOrYDpP1jy3FOKfVv7kp9qSz3+69cEFZLG3
1J7hznY4HxHiv0J+TtNtZvPNPs1zq4KDwtZxPA7/qCsayFYBGF2ivw6d6kPOuZZV
E0kMHfSVSygSIkd2FAeLfVWCdPQaWvJr/diahu0+B1Bg6xmt7uqPccaiZ043Kmf3
q/KLADE5e9FDLVs6rOSfwnR7szDUxCUWQBxCzLTH6aZKQSzf3LG/nJkSUOrWUXiO
eHRcujIgjsXDRS8KyVCLMdpcd4za3ndcGxcHbH8eIEik1GjmyoxMYRxIAOw7Cqj0
STLFqHmB0pXKhx23iUrKC0+ivAOVpMEtbjWxeEE1HkV8u5sNkA9d4OHyjuoMLpaW
aa0rsD6LTRF2lsEMtSM5WBHbeplMYinv7fPnFGjM19flc5loFX6SuhnfUxOJ5D3S
SQFdX9omfQWrmGnI/8zv9/z4zkRswv0pD6qGepFaTrcFTieHnnieYogH7E3/n0eW
UIFZkbw/3thlwZ4b6uwDro/26y5ovCayB80=
=9CtG
-----END PGP MESSAGE-----
There can be no conceivable benefit in showing this junk to a person (present company excepted). However, you can see that the format is fixed (in 2007, in RFC 4880), and very easy to recognize.
So, what Android programs like Gmail should do is, first, not show the stupid crypto gibberish but instead show a nice little glyph that means “there’s something encrypted here”. I’ve put one in the margin, but obviously the people in the Android group could come up with something more professional.
Second, when the person looking at the glyph wants to read whatever’s behind that lock, they can tap it. Then, the software should compose an Intent including this…
…which can be used to fire up the crypto app of the user’s choice. [Note: I guess you’d want to fire off a resolveActivity call first to make sure there’s something installed that can decrypt, and if it comes back empty, respond to a tap with a polite note about installing one of the several excellent crypto apps in the Play store.]
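The recognition step described above, as an added example (not the author's or Android's code): a Python sketch that finds RFC 4880 armored messages in message text, checks the armor's CRC-24, and swaps each well-formed block for a placeholder while keeping the original text to hand to the crypto app. The names LOCK, armor and hide_armor, the placeholder string, and the choice to leave blocks that fail the checksum visible are assumptions; the sample armor is constructed and carries no real ciphertext.

```python
import base64
import re

LOCK = "[locked: tap to decrypt]"  # text stand-in for the lock glyph (assumption)

# RFC 4880 section 6.2 layout: header line, optional "Key: value" lines, a blank
# line, base64 body lines, "=" plus a 4-character CRC-24, then the tail line.
ARMOR = re.compile(
    r"-----BEGIN PGP MESSAGE-----\r?\n"
    r"(?:[A-Za-z]+: [^\r\n]*\r?\n)*\r?\n"
    r"((?:[A-Za-z0-9+/][A-Za-z0-9+/=]*\r?\n)+)"
    r"=([A-Za-z0-9+/]{4})\r?\n"
    r"-----END PGP MESSAGE-----")

def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1 (init 0xB704CE, poly 0x1864CFB)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(payload: bytes) -> str:
    """Build a constructed armored block for testing; payload is not real ciphertext."""
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP MESSAGE-----\nVersion: constructed sample\n\n"
            f"{body}\n={check}\n-----END PGP MESSAGE-----")

def hide_armor(text: str):
    """Return (display_text, blocks); blocks are what a tap would hand to the crypto app."""
    blocks = []

    def swap(match):
        try:
            body = base64.b64decode("".join(match.group(1).split()), validate=True)
            want = int.from_bytes(base64.b64decode(match.group(2)), "big")
        except ValueError:  # malformed base64: leave the text visible
            return match.group(0)
        if crc24(body) != want:  # damaged or look-alike block: leave it visible
            return match.group(0)
        blocks.append(match.group(0))
        return LOCK

    return ARMOR.sub(swap, text), blocks
```

The CRC-24 only catches accidental damage to the armor; it says nothing about who sent the message or whether it will decrypt, which remains the crypto app's job.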
The other important thing is that Google should release the lock graphic under an open-source license, along with code that builds and fires the right Intent while taking care of corner cases. That would encourage anyone else who’s handling perhaps-private messages to Do The Right Thing.
It really wouldn’t be that hard at all.
Then anyone who wanted to could arrange for their messages to have Strong Privacy; and thus reduce the attack surface of the whole Internet.