ChatSecure

ChatSecure v1.3 Released

What’s New in Version 1.3

• Multiple simultaneous account support! (Facebook, GTalk, AIM, XMPP)
• Option to remember account passwords in iOS keychain
• User interface improvements
• Many, many bug fixes
• Upgrade to libotr 4.0.0
• iOS 6 and iPhone 5 support
• Removes support for armv6 devices and now has a minimum requirement of iOS 4.3. Sorry!

Free Download (changelog)

v1.3 Status Update

A number of changes have been committed to the master branch since the last status update:

• The refactoring required for multiple account support is almost complete.
• Global XMPP SSL certificate verification preferences have been removed and have been replaced with per-account settings. (Thanks to Chris Gahan for mentioning it before it was ever a problem)
• Currently there is no UI for relaxing the cert checks anymore, but the underlying code is in place. This will need to be hooked up toOTRLoginViewController and tested thoroughly before v1.3 submission.
• Some UI elements have been simplified or merged into other views.
• The Conversations view (only available on iPhone) has been eliminated and has been replaced by an editable “Recents” list at the top of your Buddy List on both iPhone and iPad.
• Adding accounts is now done directly from the Settings screen.
• Fixes have been made to the logic for when to show message notifications
• It also doesn’t crash anymore when trying to reply under certain scenarios
• Support for sharing a link to the App via Twitter on iOS 5 and higher.

There are still some issues related to not properly downgrading back to plaintext aftercancelinga secure conversation that need to be fixed before the next update as well. Once that is figured out, we should be on track for submission to the App Store very soon!

ChatSecure v1.3 Progress

I have been mainly working on UI / usability improvements and trying to iron out some persistent bugs. Here are the things that still need to be done before the 1.3 release:

• Figure out how to properly downgrade conversation to plaintext (Ian’s explanation on the otr-dev mailing list wasn’t clear to me, so maybe Miron could be of help)
• Hopefully this will fix the “missing messages” bug.
• Rigorously test the security of the new password storage mechanism (uses iOS keychain)
• Make the XMPP SSL certificate-checking options (hostname mismatch, or allowing self-signing) per-account, rather than global, and only for custom XMPP accounts.
• Implement SSL cert verification if possible.
• Fix the “multiple conversations with the same buddy” bug.

We have a Mailing List

We now have a Google Group for public discussion about the app. Feel free to join!

In other news, we are moving ahead with multiple account support and better UI integration with other XMPP services like Facebook, Jabber, Google Apps, and custom servers. Expect v1.3 to be on the App Store in the next few weeks. We are considering dropping AIM support in a future release because the LibOrange library seems to be dead. If you still use AIM and would like to see it kept in the app, please make your voice heard!

Also, if have a paid iOS developer account and are looking for longer-running background support, check out the background branch on Github.

Version 1.2 Approved

I would like to announce a partnership with The Guardian Project, who develops the Android equivalent of ChatSecure called Gibberbot, along with a whole suite of mobile security applications. It’s an exciting time for open-source secure mobile communications!

Version 1.2 has been approved! This new version includes support for limited background messaging, the #1 most requested feature. Yay!

Background Messaging

Unfortunately, Apple’s policies prevent the creation of secure chat applications that run in the background indefinitely. The only way to get backgrounded sockets on iOS is to register your app as “VoIP”, but unless you actually implement VoIP services, you will get rejected from the App Store. A common workaround used by other chat programs is to run the real chat client server-side and run a “push service” that sends the messages to your phone. That approach is unacceptable for this app because it would require me to build my own push server, which comes with quite a few drawbacks:

• Centralized storage of login credentials
• Single point of failure
• Vulnerable to eavesdropping
• Expensive to build and maintain
• Maximum size allowed for a notification payload is 256 bytes, and is “best effort” and not guaranteed.

The only other option is to ‘trick’ the OS into continuing to run the application in the background by starting a “long running task” during the applicationDidEnterBackground: in your app delegate, which in this case is an NSTimer set to fire every 10 seconds or so. The main limitation to this approach is that unless you manually restart the app every 10 minutes, it will be force-closed by the OS. This is similar to the technique used by the awesome Verbs app, who graciously helped me tackle this problem.