There is a new yaxim release, fixing the CVE-2017-5589 security vulnerability. PLEASE UPGRADE NOW!. The vulnerability allowed attackers to make messages appear as if they were sent by somebody else:
The release also provides a number of long-awaited improvements like Easy XMPP, Group chats, Android Auto, a new design and much much more.
Easy XMPP
Most XMPP clients are impossible to use for normal people. Usability is a hard problem, and making a federated protocol from the early 2000ies usable is even more so. Now, yaxim provides significant improvements:
Install the app and create an account by just typing your desired user name. A secure password will be auto-generated (and you can overwrite it in the prefs):
You can invite friends using the new “Create Invitation” feature:
You can share the invitation link via QR-code, e-mail, SMS or any other means, and your friend will either see a friendly landing page (source), or immediately get the link opened in yaxim:
Because yaxim is the first client to support XEP-0379: Pre-Authenticated Roster Subscription, it will automatically approve and add your friend.
You can also directly use Android Beamâ„¢ to share your own or any contact’s address, by touching your devices back-to-back.
It comes with technical foundation to support Easy Group Chats:
Group Chats
Support for Group Chats (also known as XEP-0045: Multi-User Chat or MUC) has been wished for for a long time, and it was in the works for multiple years, culminating in something that is finally usable.
The recommended way to participate is to get invited into a Group Chat by a friend (unfortunately, inviting friends isn’t yet supported directly in yaxim). You will get an invitation notification and can participate:
Of course it is also possible to manually join a known MUC, however this behavior is frowned upon, because typing JIDs is boring:
A future release will provide a “seamless” flow to create groups for Cat Pictures, Christmas planning or Business Matters, and help you invite all the right people, as outlined in Easy Group Chats.
Android Auto (and Wear)
To improve the usability of yaxim in more-mobile-than-mobile scenarios, we have added support for Android Auto and Android Wear. If you connect your Auto/Wear enabled device to your smartphone and install the appropriate companion app, you will be able to receive message notifications from yaxim and respond accordingly.
Android Auto will display the sender and read aloud the message content, allowing to dictate a response or send back “I’m driving”:
On Wear, you can read the actual message, dictate the response or jump into the app:
P.S: Starting with Android 5 and Auto 2, you can run AA directly on your phone screen when using an appropriate phone mount.
New Design
Consistent with the new yax.im look featuring Yaks, we have redesigned the app logo and branding:
Notifications also include the new icon, so the time of the red-white-yellow ninja chicken is over:
What’s Next
It might be a bit pathetic to outline the future plans in a release that has taken over two years to complete, but still, it’s important to share our thoughts and ideas.
Let’s first recapitulate our past promises from 0.8.6 and 0.8.7:
We have finally tackled MUCs (as asked in 2011 and promised in 2013) \o/
It looks like Android tablets aren’t much of a thing, and neither is Android TV. There hasn’t been much demand regarding big screen support, and there are no current plans.
End-to-end encryption is now called XEP-0384: OMEMO (#197), we will address it in a future release. Hopefully. Just run your own private and trusted server already!
The XMPP world has changed in the last two years. The most important plans now are:
Make XMPP even easier (and improve yaxim accordingly)!
Implement XEP-0363: HTTP File Upload: #196 - high priority!
Implement XEP-0313: Message Archive Management: #98 - medium priority
Implement User Avatars - maybe…
Boring maintenance work (Currently yaxim uses content providers and databases for everything, including user presence. This makes for a very laggy experience when connecting, and needs to be cleaned up. This will be a major redesign of the internals, but it will make future improvements much easier and faster).