Who is ESME for?

ESME is for anyone who values there privacy and the security of their SMS communication.

ESME is not meant to replace your default SMS client, but to add the ability to selectively send, secure encrypted messages over the standard SMS service, provided by your cell service / mobile phone provider.

This can give you privacy in a variety of scenarios where information is confidential and an extra layer of security is required or where the possibility that messages are being recorded or accessed by a third party is high. ESME will ensure these messages are unreadable to anyone but the sender any the recipient within the specified time frame.

ESME will stop ease dropping on messages through interception or through local app access. The encrypted messages can only be decrypted and read through the ESME app.

ESME is anonymous, we don’t hold information on you. We don’t give out telephone numbers, we can’t decrypt your messages or views pins or passwords.

 

ESME App Permissions and why?

The permissions required on the device for the ESME app are as follows.

This app has access to:
Contacts
  • read your contacts
  • modify your contacts
SMS
  • read your text messages (SMS or MMS)
  • receive text messages (SMS)
  • send SMS messages

Other

  • control vibration
  • prevent device from sleeping

Access to read your contacts and modify your contacts is to allow ESME to read and list your contacts when choosing who to send an encrypted SMS message too within the app and Modify is to allow the app to add The ESME registration service number to your contact list.

Read your text messages allows ESME to loop through your SMS mailbox looking for ESME encrypted messages. All other SMS messages are ignored.

Receive text messages allows ESME to detect the newly arrived message as one encrypted in a manner it understands and also for the app to receive the initial setup configuration SMS from the registration service.

Send SMS messages This allows ESME to send the encrypted SMS message it has created to your recipient.

If you have any questions on the apps permissions, then please get in touch.

 

Sent Message Decryption Timeout

ESME allows users to set a period of hours a SMS message can be decrypted for. By default this is 72 hours but this can be changed as a default with in the apps settings, or set on a per message basis when drafting a new encrypted message.

This means any SMS message you send using ESME can only be decrypted by the ESME app on the device registered with the telephone number you have sent the message too within the time frame you have specified.

 

Local & Master PIN’s

ESME uses both a Local and Master PIN/ Password.

When the App is first installed you are required to set a PIN or Password.

This PIN / Password is encrypted and stored locally, a hashed identifier is also sent via SMS to the ESME registration service, this is stored along side the number you are registering from.

At this point ESME will check to ensure that the phone number being registered from is either a new unknown number, or if previously registered that the same PIN / Password and registered number combination is again being used to set up the app.

If the PIN/ Password is not the same the app setup process will fail. This is to stop someone either uninstalling or reinstalling the ESME app to reset the pin and be able to un-encrypt the ESME messages if any any still valid of course.

Assuming the initial setup goes well, This initial process sets both local and master pins the same. The local pin is used to access and decrypt the sms messages locally, these can be set independently from each other within the settings section of the app.

You can also use your bio metric fingerprint scanner if your phone supports it, to login and decrypt you messages locally.

 

Fingerprint Login

Version 0.54

  • Enabled fingerprint login and switched it on if the device supported it and if the owner had registered fingerprint stored.

Version 0.55

  • Disabled fingerprint login by default and added the option within settings to enable or disable finger print login if the device is supported and fingerprints are stored.

Blocking Active Message.

When trying to set up the app for the first time, I receive the error message “blocking active message.”

This issue appears to be due to a feature implemented by the TMobile network.

It is a free T-Mobile service that allows you to block messages to and from your phone, to help you avoid unwanted messages.

https://support.t-mobile.com/docs/DOC-1712

You can adjust the setting with T-Mobile and this should resolve the issue.