There are two major issues preventing this right now:
- Users who install the application outside of the Play Store do not receive timely software updates. The ability to provide users with rapid fixes for any vulnerabilities that are found is extremely important to the security of our software. Alternative app catalogs like F-Droid rely on a centralized trust model and necessitate allowing the installation of apps from unknown sources which harms Android's security for average users. Open WhisperSystems is developing an update framework that will allow distribution outside of the Play Store to happen in a responsible and secure fashion.
- Outside of Google's GCM, the fact is that there are no alternative push messaging frameworks for Android that can scale to the millions of users that TextSecure has. GCM requires Google Play. As a solution, Open WhisperSystems has added WebSocket support to the open source TextSecure server. This won't work as well as push messages that are sent via GCM, but it will provide a way for TextSecure to work outside of Google's GCM push messaging framework once support has been added to the client.
The SMS transport is also still fully functional in TextSecure v2 and has been updated to work with the new protocol. This will be another option for non-Google Android users once the first issue has been completely resolved. However, using SMS means leaking metadata to the telcos, which is arguably worse than having Google Play installed.
Open WhisperSystems has chosen to focus on serving the millions of users who have GCM capabilities before turning our attention to the small number of users who refuse to install Google Mobile Services. If you are interested in helping us add WebSocket support to TextSecure for Android, please get in touch on our mailing list.
We understand that this is an important issue for some of our users, and please be assured that we are working on it.
