
Recently I (Stephen A. Ridley) have been doing quite a bit more security research on embedded systems and mobile platforms like phones. This naturally means more development in these areas. A while back I ran into SL4A, or Scripting Layer for Android, which was (at the time) called ASE, or Android Scripting Environment. (Apparently they changed the name for googlability.) Anyway, this software is neat because it lets you write scripts in Python, Perl, JRuby, Lua, BeanShell, JavaScript, Tcl, and shell, and will give you native access to “phone functions”.
I have been developing and building quite a bit of Dalvik Java recently (you can even execute native ARM ELFs on Android with some trickery ;-). I’d always liked the idea of SL4A but never had any practical use for it, but recently I thought of a project that would lend itself well to the Scripting Layer: Encrypting SMS messages!
Introducing: Blowfish_SMS.py!
The idea was basically to write a tool that would allow you to send and receive encrypted SMS messages between friends with whom you’ve pre-negotiated a secret key (either by voice or in person). Telcos and wireless carriers keep records of all your SMSes. Why not protect this data? You don’t need to have anything to hide; it’s merely a matter of being comfortably private. The reason that the scripting layer lends itself to this so well is because paranoids (like myself) generally want to “trust” the application by reviewing it first. The plaintext nature of Python scripts works really well for this (because it saves the trouble of disassembling and analyzing the binary…and most of us are lazy). People who want to use Blowfish SMS can merely view, edit (or even modify) the contents of the script directly on their phone before executing it.
Read all about the project and see screenshots here.
Read all the code and stuff here.
You cipherpunks may complain and notice this, but whatever. Ok, back to actual work now! (oh and we have a few blogposts from many months ago that we have yet to post. Stay tuned for that. Thanks!)
Android Users Howto
January 29, 2011
You may want to get in touch with the Open Ideals guy. He was writing a while back that there was no suitable Android app for encrypting SMSes.
Lammo
June 21, 2012
I just bought my first Android phone and one of the first things I wanted to do was install perl… that’s how I found out about SL4A and eventually stumbled across this post. I’m thinking about doing something similar to your encrypted sms script, but with added decoy messages and generating and exchanging a temporary passkey at the start of each sms session.
susant
December 12, 2012
how to read encrypted sms by security agencies