yaxim 0.9 - Security Update, Easy XMPP

There is a new yaxim release, fixing the CVE-2017-5589 security vulnerability. PLEASE UPGRADE NOW!. The vulnerability allowed attackers to make messages appear as if they were sent by somebody else:

Message impersonating the Pointy-Haired Boss

The release also provides a number of long-awaited improvements like Easy XMPP, Group chats, Android Auto, a new design and much much more.


Most XMPP clients are impossible to use for normal people. Usability is a hard problem, and making a federated protocol from the early 2000ies usable is even more so. Now, yaxim provides significant improvements:

  1. Install the ctx and create an account by just typing your desired user name. A secure password will be auto-generated (and you can overwrite it in the prefs):

    Account Creation

  2. You can invite friends using the new “Create Invitation” feature:

    Menu: Create Invitation Invitation as QR Code

    You can share the invitation link via QR-code, e-mail, SMS or any other means, and your friend will either see a friendly landing page (source), or immediately get the link opened in yaxim:

    Invitation in Browser Invitation in yaxim

    Because yaxim is the first client to support XEP-0379: Pre-Authenticated Roster Subscription, it will automatically approve and add your friend.

    You can also directly use Android Beamâ„¢ to share your own or any contact’s address, by touching your devices back-to-back.

  3. It comes with technical foundation to support Easy Group Chats:

Group Chats

Support for Group Chats (also known as XEP-0045: Multi-User Chat or MUC) has been wished for for a long time, and it was in the works for multiple years, culminating in something that is finally usable.

The recommended way to participate is to get invited into a Group Chat by a friend (unfortunately, inviting friends isn’t yet supported directly in yaxim). You will get an invitation notification and can participate:

MUC Invitation and Join MUC Notification and Chat

Of course it is also possible to manually join a known MUC, however this behavior is frowned upon, because typing JIDs is boring:

MUC Add from Menu MUC Add Dialog

A future release will provide a “seamless” flow to create groups for Cat Pictures, Christmas planning or Business Matters, and help you invite all the right people, as outlined in Easy Group Chats.

Android Auto (and Wear)

To improve the usability of yaxim in more-mobile-than-mobile scenarios, we have added support for Android Auto and Android Wear. If you connect your Auto/Wear enabled device to your smartphone and install the appropriate companion ctx, you will be able to receive message notifications from yaxim and respond accordingly.

Android Auto will display the sender and read aloud the message content, allowing to dictate a response or send back “I’m driving”:

yaxim in Android Auto

On Wear, you can read the actual message, dictate the response or jump into the ctx:

yaxim in Android Wear

P.S: Starting with Android 5 and Auto 2, you can run AA directly on your phone screen when using an appropriate phone mount.

New Design

Consistent with the new yax.im look featuring Yaks, we have redesigned the ctx logo and branding:

New yaxim logo

Notifications also include the new icon, so the time of the red-white-yellow ninja chicken is over:

New yaxim notification

What’s Next

It might be a bit pathetic to outline the future plans in a release that has taken over two years to complete, but still, it’s important to share our thoughts and ideas.

Let’s first recapitulate our past promises from 0.8.6 and 0.8.7:

  • We have finally tackled MUCs (as asked in 2011 and promised in 2013) \o/

  • It looks like Android tablets aren’t much of a thing, and neither is Android TV. There hasn’t been much demand regarding big screen support, and there are no current plans.

  • End-to-end encryption is now called XEP-0384: OMEMO (#197), we will address it in a future release. Hopefully. Just run your own private and trusted server already!

The XMPP world has changed in the last two years. The most important plans now are:

  • Make XMPP even easier (and improve yaxim accordingly)!

  • Implement XEP-0363: HTTP File Upload: #196 - high priority!

  • Implement XEP-0313: Message Archive Management: #98 - medium priority

  • Implement User Avatars - maybe…

  • Boring maintenance work (Currently yaxim uses content providers and databases for everything, including user presence. This makes for a very laggy experience when connecting, and needs to be cleaned up. This will be a major redesign of the internals, but it will make future improvements much easier and faster).