New warning for billions of Google Messages customers
Republished on December 9 with a brand new FBI warning into encrypted messaging and an evidence as to why RCS isn’t safe between iPhone and Android, addressing person confusion after the current textual content messaging warnings.
Instantly, it has all gone mistaken for Google Messages. After campaigning for years to see the conclusion of its “seamless messaging” dream, no sooner was it right here than it was gone. The query now could be whether or not there’s any probability it’ll ever come again.
Relatively like a gradual movement prepare crash, whereas Apple’s long-awaited adoption of RCS was quickly celebrated by Google, no sooner had it launched than it was being criticized for its awkward safety vulnerability—regardless of iMessage continuously lauding its end-to-end encryption, those green bubbles continue to do without.
Google and the GSMA had been quick to reply, promising end-to-end encryption for RCS is now in the works. However whereas which may have carried the day, alongside comes China to spoil the celebration. Its state-backed hackers, it appears, have damaged into US telco networks, underlying the very motive Apple, Google and others insist on end-to-end encryption within the first place. With the FBI and CISA now both warning citizens to use responsibly encrypted platforms, cross-platform RCS has taken an enormous hit. Even Samsung has warned customers that texting Android to iPhone lacks safety.
Apple has by no means made any secret of the truth that iMessage is just safe inside its personal walled backyard. It was Google pushing for cross-platform RCS, not Apple. And when it lastly launched with iOS 18, Google put out the general public messaging on non-blurry photographs and different new options, Apple didn’t say a lot if something in any respect.
And so it’s Google Messages that should now decide up the items of this safety nightmare and work out what it does subsequent. How briskly can RCS be upgraded to fulfill the “accountable encryption” bar set by these US authorities officers? How does Google or Apple push customers to ship primary RCS/SMS texts towards the backdrop of these authorities warnings? How shortly will community confidence return?
However with timing being every little thing, the ultimate concrete block standing in the way in which of that RCS prepare may be Apple’s imminent iPhone replace—iOS 18.2. A lot to everybody’s shock, the iMaker has determined to supply all its customers—not simply these in regulated Europe–the choice to alter their default apps. Meaning choosing an over-the-tops like WhatsApp or Sign for default calls and messages for the primary time.
The 2024 RCS dream has taken a success, albeit whether or not or not it has been holed beneath the waterline stays to be seen. What is evident is that this performs into the fingers of Meta, which owns the world’s largest end-to-end encrypted messaging platforms, WhatsApp and Fb Messenger, even when they’re not “responsibly” encrypted per the FBI’s terminology, which implies lawful entry to content material when warranted.
For Google Messages customers defaulting to that platform when texting mates, household and colleagues, you now want a brand new app. Should you don’t have WhatsApp or Messenger or Sign, then you must set up one now. The decide of the bunch is WhatsApp, which finds the proper stability between safety, performance and scale. You’ll more and more discover the folks you message will have already got the app put in.
Preserving with the safety theme, to make sure the integrity of end-to-end encryption, you’ll want to do two issues. First, arrange WhatsApp (or another) correctly. Meaning two-factor authentication and passkeys when out there. Second, make sure you don’t take dangers with hyperlinks, downloads and app installs. No matter messenger you employ, if an attacker takes management of your telephone by means of malware or luring you to put in a malicious app, it’s as when you haven’t secured your content material in any respect.
The irony has continued for Google, with the information that Samsung is ditching RCS for tens of millions of its Galaxy customers nonetheless utilizing Samsung Messages and recommending they swap to Google Messages. The Galaxy maker warned Verizon customers that “Samsung Messages will not help RCS after 1.6.2025. Swap to Google Messages to keep up the extra sturdy messaging you are used to.”
As Neowin studies, “this announcement confirms that Verizon customers counting on RCS by means of Samsung Messages might want to swap to Google Messages to maintain superior options like learn receipts, typing indicators, and high-quality media sharing. Common SMS and MMS will nonetheless work, however the enhanced expertise is tied to RCS.
Samsung has been backing away from its personal Messages app and pushing customers to Google Messages for some months, which was seen as one of many final steps within the consolidation of inventory messaging throughout the Android ecosystem on a single app. Add Apple’s adoption of RCS into the combo, and it did appear that every one the planets had been aligning for Google on the dual challenges of presenting a seeming iMessage equal for Android and likewise a seamless messaging expertise into iMessage to entice Android customers away from WhatsApp.
As Android Police defined within the fall, “Samsung switched to Google Messages in favor of its messaging app with the Galaxy S21 collection in Europe again in 2021. Since then, the corporate has slowly transitioned customers from Samsung Messages to Google Messages. The latter is the de-facto RCS messaging app for Android, with Google continuously enhancing it with options like Gemini integration and full-screen results.” At the moment house owners of older Galaxy gadgets had been additionally seeing prompts to modify.
Now, although, that doesn’t reduce it anymore—at the least not when messaging cross-platform. There hasn’t been any actual response from encrypted platforms to the FBI and CISA warnings final week, however we will possible count on reminders out of WhatsApp that customers who haven’t switched ought to consider doing so now.
Whereas the rapid impression of the FBI’s textual content messaging warning was to push customers to encrypted platforms, there’s a new sting within the tail. The FBI has now confirmed to me that “legislation enforcement helps robust, responsibly managed encryption. This encryption ought to be designed to guard folks’s privateness and likewise managed so U.S. tech firms can present readable content material in response to a lawful court docket order.”
This implies pushing these safe platforms to offer content material when required by a court docket warrant. This may add to person confusion on cross-platform RCS following the information headlines in current days. There was lots of on-line commentary on RCS usually and Apple’s deployment of the brand new texting protocol particularly, however the details stay quite simple and haven’t modified.
Salt Storm and the resultant FBI warning spotlight Google’s and Apple’s completely different attitudes to RCS. Per NBC, Android promotes this messaging as a key characteristic. “Wealthy Communication Providers (RCS) chats present an upgraded, wealthy messaging expertise… RCS chats present you when somebody is typing, supply learn receipts, allow you to share information and high-resolution images and extra.” Whereas Apple takes a a unique method. “Apple has stated that RCS messaging is a ‘carrier-provided service’.”
That is essential and helps explains the yawning safety hole in messaging cross-platform and why Android customers want to think about different choices to securely message exterior the Android walled backyard.
Google describes RCS as “higher provider messaging for everybody… Texting modified the way in which we talk, nevertheless it’s outdated. At this time we would like messaging that lets us do issues like share high-res images and bigger information, chat with a bunch, know when messages are learn, or make video calls. RCS makes all this attainable, and now the cellular trade is coming collectively to convey it to customers in every single place.”
And this isn’t a shock. Google basically took duty for driving RCS adoption away from the carriers given their gradual progress, and as a substitute turned RCS as a substitute into an Android default below the covers of Google Messages. It then added a wrap of its personal options and its personal safety, which is why its end-to-end encryption is constructed on high of RCS and isn’t a part of RCS.
Apple however is far more perfunctory. RCS isn’t a key iPhone options and it reveals. Not like Google, Apple describes RCS as textual content messaging and handles it as textual content messaging on its gadgets. “Whenever you use iMessage,” it says, “your conversations are encrypted end-to-end, to allow them to’t be learn whereas they’re despatched between gadgets.” However when you use RCS, then it’s very completely different. “Should you aren’t utilizing iMessage, you need to use RCS… With RCS, you’ll be able to ship texts, excessive decision images and movies, hyperlinks, and extra. RCS additionally helps supply and browse receipts and typing indicators. RCS messages seem in inexperienced textual content bubbles in your gadget.”
Apple describes RCS as “RCS textual content messages” and warns that its implementation “relies on the trade’s commonplace. RCS messages aren’t end-to-end encrypted, which implies they are not shielded from a third-party studying them whereas they’re despatched between gadgets.” That is true, however you’ll be able to see the distinction in tone. iMessage and RCS usually are not the identical, Apple isn’t pushing RCS any greater than it pushed SMS.
And Apple goes additional, warning that RCS exposes person information past simply content material. “When your gadget connects to your mobile community, it communicates together with your provider and their companions to arrange RCS. Person identifiers are exchanged in your provider and their companions to authenticate your gadget and supply a connection. These identifiers might embrace however usually are not restricted to your IMEI, IMSI, present IP handle, and telephone quantity. Your present IP handle may also be shared with different RCS customers.” iMessage is completely different, it’s only a information stream to carriers.
As was broadly reported final yr when Apple u-turned on RCS, this appeared like a reluctant transfer. Google had pushed for this for years and Apple had resisted. However SMS is such an archaic know-how, that ultimately the improve was inevitable.
This has all shone a brand new gentle on what’s encrypted and what’s not. John Gruber warns that the majority customers is not going to simply navigate Google’s RCS safety. “It’s shamefully deceptive,” he says, “Google Messages does help E2EE, however solely over RCS and provided that all contributors within the chat are utilizing a current model of Google Messages. However the second screenshot within the Play Retailer itemizing flatly declares ‘Conversations are end-to-end encrypted,’ full cease,” which he says isn’t true.
Google encrypts its personal RCS site visitors with the open-source Sign protocol, which has turn out to be one thing of an trade commonplace. WhatsApp and Fb Messenger use the identical, as does Sign after all, the three most probably U.S. encrypted platforms customers will now flip to as a substitute of RCS. Apple makes use of a unique encryption protocol for iMessage, however might undertake Sign for RCS and work straight with Google to offer a safe wrap throughout iPhone and Android texting.
Whereas RCS remains to be offered as a provider service and RCS as a typical protocol, the fact is that with Android standardizing on Google Messages and iPhone customers having to make use of iMessage as their SMS/RCS shopper, there doesn’t have to be a typical protocol, only a totally encrypted bridge between Google Messages and iMessage.
No signal of that occuring, by means of.
And so the issue, as Gruber explains, is that “a typical Android person with out technical experience who takes the recommendation (now coming from the FBI) to make use of end-to-end encryption for his or her messaging… would have a look at Google’s personal description of Google Messages and conclude that when you use Google Messages, all of your messages can be safe. That’s false. And relying who you talk with — iPhone customers, Android customers with previous gadgets, Android customers who use different textual content messaging apps — it’s fairly possible most of your messages gained’t be safe.”
