DekuSMS-Android icon indicating copy to clipboard operation
DekuSMS-Android copied to clipboard

Published 20 hours ago verified publisher icon deku-messaging

False status of encrypted contacts with notification drawer issue part 2

Open SwiftScriptr opened this issue 9 months ago • 2 comments

App does not register between other contacts on older versions to be a 'secure contact'. (Desired more accurate readings across all versions)

I would assume that there are only issues with newer versions sending to older versions only, will confirm upon installation of new releases being the same across all devices.

Will also acknowledge responses in notification tab were not sending/delyed notification functionality in the drawer.

Affected platform Android 12 and up devices.

SwiftScriptr avatar Feb 13 '25 13:02 SwiftScriptr

The encryption algorithm changed in this release - the announcement was done on the Telegram channel that this would be a breaking release and not backward compatible

https://github.com/dekusms/DekuSMS-Android/releases/tag/62

sherlockwisdom avatar Feb 14 '25 20:02 sherlockwisdom

Hello, upon the following I have observed (and testify to your reply).

  1. Successful verified reading upon contacts with the same version as the app.

  2. whilst not having the same app, due to having other e2ee encrypted apps, i was still able to send encrypted messages (i believe) to the other contacts.

Evidence for this being the sms's (on my new device) having the same value once sent, 3* the normal sms plaintext length/value.

Also the recipients having signal messenger (or even other mail clients) may have prevented the sms app on my device from defaulting to the plaintext, as all devices can still interpret the code having installed older algorythms to newer ones from this app.

So a possible conclusion would be the app, being standalone, cannot detect 'secure communication' based on other api functions/libraries of those e2ee/encrypted algorythms supported apps giving it a false reading.

It's not so conscerning, but it would seem this app has/can be externally interpreted whilst believing it is standalone. I would think alot of effort would be put into it to sandbox the app from being interpreted (for the npu imbedded devices especially, then again that means 32bit cpus are safe so i can sleep well (⌐■_■) )

  1. responses in the notification box still crash upon the attempts to send one to a recipient of the same app version.

Also, auto (suggested) responses are atleast reappearing as an option again within same app versions (they weren't with differing builds) but i believe they too will still crash the app like a manual response in the notification bar.

Not to nag but I hope this warrants a reopening as an enhancement for example, and not a bug if listed issues have similarly been stated among this discussion.

I've read one where u discussed full plaintext intergration without use of data, (applications of compatible sms algorythms/procedures to initiate secure sms through sms and not cell data) That leaves me to believe there is the possible exposure point to interpretation of encrypted text as stated in point 2).

SwiftScriptr avatar Feb 17 '25 10:02 SwiftScriptr

Resolved in new release: 0.63.0

sherlockwisdom avatar Nov 13 '25 15:11 sherlockwisdom