Stark new warning for anyone sending texts
All change for iPhone users. This year has already seen the biggest shift in texting in a decade, with Apple’s long-awaited adoption of RCS. And next month it will change again, with iPhone users being able to change default messaging apps. But there’s a serious new warning that iPhone and Android users need to be careful what they text.
While Apple has introduced RCS, it has adopted the standard protocol which does not yet include the end-to-end encryption that protects Google Messages between Android users, iMessages between Apple users, or the likes of WhatsApp. It could have provided an integration layer with Google Messages to provide this security from launch, but that was not done leaving users at risk.
Google and Samsung have just issued a range of odes to RCS, celebrating that it now bridges the Android-iPhone gap. But hidden in a footnote is recognition of that glaring issue. “Samsung and Google welcome a new era of more seamless, cross-platform messaging,” it says. “With the latest version of iOS supporting RCS, the benefits are available beyond the Android ecosystem,” but warns that “encryption is only available for Android to Android communication.” Put very simply—this means your texts can be intercepted and read by others.
Timing is everything, and this comes just as the lack of security with general cellular text messaging has been thrust into the headlines yet again, this time by the latest allegations of Chinese hackers running riot across various networks.
As one US Senator warned on Friday, these Chinese hackers now “have access to every single one of our major telecommunications companies. They have broken in. They can read your texts, and they can hear your conversations. It’s just a matter of who they want to listen to and who they don’t.”
This follows revelations that China’s “Salt Typhoon,” a group “closely linked to China’s Ministry of State Security,” has infiltrated US networks, lurking undetected “for more than a year.” While the Senator’s rhetoric is overplayed, at least as regards everyday users of little interest to China’s state spies, the raw facts are that content—whether voice, text or data—is either encrypted end-to-end or it’s not.
SMS messaging is not much better than open data transmitted across open networks. RCS is better, but still subject to the vagaries of the patchwork quilt of cellular networks across which your content is transmitted.
There is clearly a warning for iPhone users, and as I have suggested, they’d be well advised to using WhatsApp or another fully encrypted over-the-top platform, and setting that as their default messenger when enabled with iOS 18.2.
But this is also a warning for Android users. There’s a push for Google Messages to be the standard across the entire Android ecosystem, with Samsung now backing away from its own alternative in favor of Google’s. “We have worked hard for years to make RCS the standard for improved cross-platform messaging, and Samsung has been instrumental in the growing adoption of RCS,” Google’s Sameer Samat has said.
But security has been underplayed and will now come home to bite. It should have been a cornerstone of iMessage’s iOS 18 update and there should not have been the cross-platform RCS push and campaign until that was done. This has played—rightly—into the hands of WhatsApp, which continues to play the security card endlessly.
The GSMA mobile standards setter and Google have promised that end-to-end encryption is coming to RCS, albeit with no timeline and a feeling that this is a reaction to the iOS 18 security weaknesses making headlines. Apple is silent on this and has since surprised users with iOS 18.2’s default app option.
And so heed Samsung’s warning, whether you’re on Android or iPhone. Green bubbles are still green for a reason, unfortunately.
