Allow other apps to have access to unencrypted SMS messages

[bodywithoutorgans]

I have:

• [x] searched open and closed issues for duplicates
• [x] read https://github.com/WhisperSystems/Signal-Android/wiki/Submitting-useful-bug-reports

  Bug description

When Signal is set to receive all SMS messages, other applications cannot read standard unencrypted SMS messages.
I have found similar requests #464 and #482, but they are about encrypted messages, whereas mine is about unencrypted ones.

Steps to reproduce

• turn on "receive all SMS" option (not sure about the exact name of this option in English version)
• in Tasker set a profile with condition: event / received text and a task using eg. %SMSRB, %SMSRN variables (message body and sender name)
• install SMS Code Reader (https://play.google.com/store/apps/details?id=pl.aetas.android.smscode) - application coping online banking codes from SMS to clipboard

Actual result:

• when an SMS arrives, the Tasker profile is not activated.
• when you run the Tasker task maually, it uses the last SMS that had been received before Signal was chosen as SMS client
• SMS Code Reader doesn't work - when bank codes are received, they are not coppied to clipboard

Expected result: Apps like Tasker and SMS Code Reader should have access to unencrypted SMS messages.

Device info

Device: Sony Xperia P LT22i Android version: 4.1.2 Signal version: 3.15.2

[skulumani]

I think this is a function of how Android handles SMS apps. When Signal is the default the SMS messages totally bypass the default SMS manager and go directly to Signal. Therefore no other app is able to utilize them.

I'm not positive but this behavior would also exist for other third party apps that are set as the default. You could try using some other SMS app (such as Textra etc.), set it as the default, and see if your Tasker profiles are activated.

[johanw666]

No, the issue is that Signal bypasses the system SMS database and uses its own, encrypted, database. Apps like SMS code reader check the system SMS database and since nothing arrives there it can't see the message. I see no real solution for this, it's a security vs. usability issue. SMSSecure has the same issue.

[bodywithoutorgans]

Would it be possible to store these messages in both system SMS database and Signal database? Since standard SMS messages are not encrypted anyway, would it pose a security issue? Of course it should be optional.

[Killeroid]

Seconding @bodywithoutorgans idea , Signal should have an option that allows you to save SMS messages in the SMS database(and in the Signal database). The user is then only able to toggle this option when no passphrase has been set.

It'd allow other apps to co-exist with Signal and would actually also partially solve the problem of backups since users with this option enabled can easily backup their unencrypted SMS/MMS messages.

[superduperuser]

I'm glad to see I'm not the only one who would like this issue resolved. I use MightyText to be able to respond to SMS messages from my desktop, and since Signal-Desktop does not seem to have any intention to work with SMS conversations, this probably isn't going to change. Both Signal and MightyText receive messages and import them into a database, but while MightyText syncs theirs with the regular SMS database, Signal doesn't. This causes broken conversations where SMS messages sent by MightyText don't show up in Signal and vice versa. Until there's a solution, I'm probably going to have to only use Signal for encrypted messages and use another app for SMS.

As another idea, how about an option to have Signal use the regular database for SMS and merge it by time-stamp with it's own encrypted database when displaying conversations (like how Hangouts did http://www.greenbot.com/article/2971862/android-apps/how-to-merge-sms-conversations-in-google-hangouts.html)? There's no difference in security compared to @bodywithoutorgans 's idea and it would allow users to quickly turn off and remove SMS messages from the app without needing to delete them from any database, should someone want to not use Signal for SMS anymore but still want to use the encrypted chat. Also makes backups a breeze, Signal messages can be backed up with Signal and SMS with, say, SMS Backup and Restore.

And of course users that are concerned with the small loss of security could still choose to have the app import all existing SMS into the regular database and keep everything in-app, as before.

[alejandrokennedy]

I second @bodywithoutorgans, @Killeroid, and @superduperuser. I have the exact same problem as superduperuser and am going back to Textra as a result. Does anyone know if progress has been made on this issue, or if there's a good explanation of it?

[samhh]

I wanted to set up some Tasker actions based upon phrases received as text messages, however am running into this issue. I'd like at least an option as mentioned above.

[brunobeltran]

Adding a voice to the crowd, I too will have to switch back to textra for SMS, as I rely on various other sms integration apps which I would be happy to continue using only for unencrypted messages, and having the unencrypted messages stored in the signal database instead of the devices sms store makes this impossible.

[Kamul-PL]

Today I set Signal as my default SMS app, and I was also disappointed when I realized, that SMS-es are no longer accessible with other SMS apps. Is there a chance this behaviour will be changed in the nearest future (could be of course as an option).

[Kamul-PL]

I know that - I read that in this thread. But I can't see the reason, why casual SMSes should be stored encrypted. They are not secure anyway... I wanted to admit, that I'm not saying about the Signal native "SMSes" - here I don't see any problem. By the way, for me (and, I assume, for every security concerned user) SMSes security is provided by FDE of /data partition.

[moxie0]

There is no way for us to merge a local database view with a system database view, so we either have to store all messages (SMS or otherwise) in the system SMS database or store all messages (SMS or otherwise) in our own database.

We could certainly create a ContentProvider that allows other apps to request a permission to access the Signal database, but I don't think that would actually help anyone here, since other apps are most likely not going to make use of that content provider. If you want third party apps to have access to your messages, I'd recommend using another app for SMS/MMS.

[Kamul-PL]

That's a pity, because I was trying to avoid using two apps - Signal and other one for SMS/MMS. Thank you for the info anyway.

[sparr]

"There is no way for us to merge a local database view with a system database view"

That sounds rather unbelievable. There are plenty of apps that show SMS alongside IMs, some alongside emails and other content from an app-specific database. What is preventing you from merging the two views?

Further, what's wrong with not merging them and just keeping unencrypted SMS in both places (in your local database for the Signal app to show and in the system database for other apps to read)?

[moxie0]

That sounds rather unbelievable. There are plenty of apps that show SMS alongside IMs, some alongside emails and other content from an app-specific database. What is preventing you from merging the two views?

If you think it's easy, go for it!

[sparr]

@moxie0 I would, if you hadn't built the system such that installing a development version wipes my messages and makes me start over with a new key. I gave up on using Signal at all a few hours after my first attempt to do any Signal development.

[moxie0]

@sparr If you're referring to APK code signing, I didn't design that, Android did. It's a pretty essential security feature. If you want to install two versions along side each other, just change the package name.

[usmarine2141]

I on the otherhand HATE that my signal messages that are unencrypted are in my default SMS app. I absolutely HATE it. i use signal for privacy... i would like any SMS encrypted or not to stay in signal ONLY

[probinso]

Definitely do not do this

[usmarine2141]

Already does it. All my messages show up in the stock messenger. Sucks, didn't used to do that

On Mon, Dec 25, 2017, 1:05 AM Philip notifications@github.com wrote:

Definitely do not do this

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/WhisperSystems/Signal-Android/issues/5491#issuecomment-353839597, or mute the thread https://github.com/notifications/unsubscribe-auth/ATwSoxPzpeRnVHPxnlbSahER5oK1oKCwks5tD0krgaJpZM4IdO_K .

[johanw666]

@usmarine2141 isSignal still your default sms app or did it change somehow back to the stock app?

[usmarine2141]

Nope. Signal always my default messenger. Dunno why it does this. I get all messages in stock app, despite signal my default

On Mon, Dec 25, 2017, 3:11 AM johanw666 notifications@github.com wrote:

@usmarine2141 https://github.com/usmarine2141 isSignal still your default sms app or did it change somehow back to the stock app?

— You are receiving this because you were mentioned.

Reply to this email directly, view it on GitHub https://github.com/WhisperSystems/Signal-Android/issues/5491#issuecomment-353852028, or mute the thread https://github.com/notifications/unsubscribe-auth/ATwSox0GROO5ZHHQZFC4BTa7OoM3P213ks5tD2amgaJpZM4IdO_K .

[johanw666]

If you also get them in Signal the default app is cheating (from Android 4.4 forward, all apps that want can access incomming sms so they can also store them. Signal uses this to process registration sms even when it is not the default app), if you only get them in the default app there is something strange going on.

[usmarine2141]

Get them in both. Not very secure. It used to Be encrypted or not, messages only stayed in signal

On Mon, Dec 25, 2017, 8:12 AM johanw666 notifications@github.com wrote:

If you also get them in Signal the default app is cheating (from Android 4.4 forward, all apps that want can access incomming sms so they can also store them. Signal uses this to process registration sms even when it is not the defaulkt app), if you only getn them in the default app there is something strange going on.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/WhisperSystems/Signal-Android/issues/5491#issuecomment-353871922, or mute the thread https://github.com/notifications/unsubscribe-auth/ATwSo0WgE58-PWWNbtlsL8wcvhRTNdr9ks5tD61BgaJpZM4IdO_K .

[automated-signal]

GitHub Issue Cleanup: See #7598 for more information.