Choosing your messenger is pretty easy. Unless you actually really care about security and privacy. If you do, you can’t just go with your friends’ first suggestion. You also can’t trust the vendor’s claims. After all, they are all very secure, according to themselves.

We decided to take a closer look at the android client for TextSecure. On paper, it appears to be the best trade-off of features and security.

Setting Up the Projects

To actually dissect the app, we’re going straight to the source. Literally. TextSecure actually has pretty decent documentation. We’re following the android studio guide, but you may just as well build the app without any IDE. I can’t recommend using the eclipse guide, setting up in an existing eclipse installation took me longer than downloading, installing and setting up in Android Studio.

With Android Studio, the easiest path appears to be cloning the project anywhere you like and then using File → import existing to create a Android Studio project. Grab a coffee, this is going to take a while. Setup is described in more detail in the wiki.

Afterwards, it took me a few round trips to the SDK-Manager, and i added the android-support-v4.jar to the libs directory. Gradle complained and demanded to be refreshed. So i did.

Now, we can actually compile and run the app in an emulator (or on a spare device, if you have one). This should look somewhat like the screenshot introducing this post.

Why This is an Important First Step

Right now, all we know is, that the provided source code is compiling to something. We don’t know anything about its security, yet. We also don’t know if the provided source yields the same app that can be found in the play store, or if their encryption works the way they claim. All of this will be the topic of upcoming blog posts.

To verify some of the next steps, we need a compiling source code. In the next installment, we’ll go over the project layout and some basic code metrics.