Well, as far as I can figure out, there's no authentication of the plain/cipher-texts? Just an attempt at blind decryption? [ed: encryption without authentication is almost always a bad idea - I'm not clear on what's the status of the various Android versions - but I think you should be able to use AES-GCM -- which of course is a stream cipher. Not sure if one would want to frame that in order to try to leak less info about message lengths or not. I suppose one might frame the plain-text messages in 1k blocks or something before encryption, and unwrap the padding after decryption (of an authenticated cipher).]