New warning for billions of Google Messages customers
Republished on December 9 with a brand new FBI warning into encrypted messaging and a proof as to why RCS just isn’t safe between iPhone and Android, addressing person confusion after the current textual content messaging warnings.
Suddenly, it has all gone fallacious for Google Messages. After campaigning for years to see the conclusion of its “seamless messaging” dream, no sooner was it right here than it was gone. The query now’s whether or not there’s any probability it’ll ever come again.
Rather like a sluggish movement prepare crash, whereas Apple’s long-awaited adoption of RCS was shortly celebrated by Google, no sooner had it launched than it was being criticized for its awkward safety vulnerability—regardless of iMessage continuously lauding its end-to-end encryption, these inexperienced bubbles proceed to do with out.
Google and the GSMA had been quick to reply, promising end-to-end encryption for RCS is now within the works. But whereas which may have carried the day, alongside comes China to spoil the celebration. Its state-backed hackers, it appears, have damaged into US telco networks, underlying the very purpose Apple, Google and others insist on end-to-end encryption within the first place. With the FBI and CISA now each warning residents to make use of responsibly encrypted platforms, cross-platform RCS has taken an enormous hit. Even Samsung has warned customers that texting Android to iPhone lacks safety.
Apple has by no means made any secret of the truth that iMessage is just safe inside its personal walled backyard. It was Google pushing for cross-platform RCS, not Apple. And when it lastly launched with iOS 18, Google put out the general public messaging on non-blurry photos and different new options, Apple didn’t say a lot if something in any respect.
And so it’s Google Messages that should now choose up the items of this safety nightmare and work out what it does subsequent. How quick can RCS be upgraded to satisfy the “accountable encryption” bar set by these US authorities officers? How does Google or Apple push customers to ship fundamental RCS/SMS texts in opposition to the backdrop of these authorities warnings? How shortly will community confidence return?
But with timing being every part, the ultimate concrete block standing in the way in which of that RCS prepare may be Apple’s imminent iPhone replace—iOS 18.2. Much to everybody’s shock, the iMaker has determined to supply all its customers—not simply these in regulated Europe–the choice to vary their default apps. That means deciding on an over-the-tops like WhatsApp or Signal for default calls and messages for the primary time.
The 2024 RCS dream has taken successful, albeit whether or not or not it has been holed beneath the waterline stays to be seen. What is obvious is that this performs into the palms of Meta, which owns the world’s largest end-to-end encrypted messaging platforms, WhatsApp and Facebook Messenger, even when they’re not “responsibly” encrypted per the FBI’s terminology, which suggests lawful entry to content material when warranted.
For Google Messages customers defaulting to that platform when texting associates, household and colleagues, you now want a brand new app. If you don’t have WhatsApp or Messenger or Signal, then it’s best to set up one now. The choose of the bunch is WhatsApp, which finds the best steadiness between safety, performance and scale. You’ll more and more discover the individuals you message will have already got the app put in.
Keeping with the safety theme, to make sure the integrity of end-to-end encryption, you’ll want to do two issues. First, arrange WhatsApp (or an alternate) correctly. That means two-factor authentication and passkeys when accessible. Second, make sure you don’t take dangers with hyperlinks, downloads and app installs. Whatever messenger you employ, if an attacker takes management of your cellphone by way of malware or luring you to put in a malicious app, it’s as should you haven’t secured your content material in any respect.
The irony has continued for Google, with the information that Samsung is ditching RCS for tens of millions of its Galaxy customers nonetheless utilizing Samsung Messages and recommending they change to Google Messages. The Galaxy maker warned Verizon customers that “Samsung Messages will not help RCS after 1.6.2025. Switch to Google Messages to take care of the extra sturdy messaging you are used to.”
As Neowin stories, “this announcement confirms that Verizon customers counting on RCS by way of Samsung Messages might want to change to Google Messages to maintain superior options like learn receipts, typing indicators, and high-quality media sharing. Regular SMS and MMS will nonetheless work, however the enhanced expertise is tied to RCS.
Samsung has been backing away from its personal Messages app and pushing customers to Google Messages for some months, which was seen as one of many final steps within the consolidation of inventory messaging throughout the Android ecosystem on a single app. Add Apple’s adoption of RCS into the combination, and it did appear that each one the planets had been aligning for Google on the dual challenges of presenting a seeming iMessage equal for Android and in addition a seamless messaging expertise into iMessage to entice Android customers away from WhatsApp.
As Android Police defined within the fall, “Samsung switched to Google Messages in favor of its messaging app with the Galaxy S21 collection in Europe again in 2021. Since then, the corporate has slowly transitioned customers from Samsung Messages to Google Messages. The latter is the de-facto RCS messaging app for Android, with Google continuously bettering it with options like Gemini integration and full-screen results.” At that point homeowners of older Galaxy units had been additionally seeing prompts to modify.
Now, although, that doesn’t reduce it anymore—at the very least not when messaging cross-platform. There hasn’t been any actual response from encrypted platforms to the FBI and CISA warnings final week, however we will probably count on reminders out of WhatsApp that customers who haven’t switched ought to consider doing so now.
While the fast impression of the FBI’s textual content messaging warning was to push customers to encrypted platforms, there’s a new sting within the tail. The FBI has now confirmed to me that “regulation enforcement helps sturdy, responsibly managed encryption. This encryption ought to be designed to guard individuals’s privateness and in addition managed so U.S. tech corporations can present readable content material in response to a lawful courtroom order.”
This means pushing these safe platforms to supply content material when required by a courtroom warrant. This will add to person confusion on cross-platform RCS following the information headlines in current days. There has been plenty of on-line commentary on RCS typically and Apple’s deployment of the brand new texting protocol particularly, however the information stay quite simple and haven’t modified.
Salt Typhoon and the resultant FBI warning spotlight Google’s and Apple’s completely different attitudes to RCS. Per NBC, Android promotes this messaging as a key function. “Rich Communication Services (RCS) chats present an upgraded, wealthy messaging expertise… RCS chats present you when somebody is typing, supply learn receipts, allow you to share information and high-resolution photographs and extra.” While Apple takes a a special strategy. “Apple has mentioned that RCS messaging is a ‘carrier-provided service’.”
This is important and helps explains the yawning safety hole in messaging cross-platform and why Android customers want to think about different choices to securely message exterior the Android walled backyard.
Google describes RCS as “higher service messaging for everybody… Texting modified the way in which we talk, but it surely’s outdated. Today we would like messaging that lets us do issues like share high-res photographs and bigger information, chat with a bunch, know when messages are learn, or make video calls. RCS makes all this doable, and now the cell trade is coming collectively to deliver it to customers all over the place.”
And this isn’t a shock. Google basically took duty for driving RCS adoption away from the carriers given their sluggish progress, and as a substitute turned RCS as a substitute into an Android default beneath the covers of Google Messages. It then added a wrap of its personal options and its personal safety, which is why its end-to-end encryption is constructed on prime of RCS and isn’t a part of RCS.
Apple then again is rather more perfunctory. RCS just isn’t a key iPhone options and it reveals. Unlike Google, Apple describes RCS as textual content messaging and handles it as textual content messaging on its units. “When you employ iMessage,” it says, “your conversations are encrypted end-to-end, to allow them to’t be learn whereas they’re despatched between units.” But should you use RCS, then it’s very completely different. “If you aren’t utilizing iMessage, you should utilize RCS… With RCS, you possibly can ship texts, excessive decision photographs and movies, hyperlinks, and extra. RCS additionally helps supply and skim receipts and typing indicators. RCS messages seem in inexperienced textual content bubbles in your system.”
Apple describes RCS as “RCS textual content messages” and warns that its implementation “relies on the trade’s customary. RCS messages aren’t end-to-end encrypted, which suggests they don’t seem to be protected against a third-party studying them whereas they’re despatched between units.” This is true, however you possibly can see the distinction in tone. iMessage and RCS should not the identical, Apple just isn’t pushing RCS any greater than it pushed SMS.
And Apple goes additional, warning that RCS exposes person information past simply content material. “When your system connects to your mobile community, it communicates along with your service and their companions to arrange RCS. User identifiers are exchanged to your service and their companions to authenticate your system and supply a connection. These identifiers may embrace however should not restricted to your IMEI, IMSI, present IP deal with, and cellphone quantity. Your present IP deal with may also be shared with different RCS customers.” iMessage is completely different, it’s only a information stream to carriers.
As was broadly reported final yr when Apple u-turned on RCS, this appeared like a reluctant transfer. Google had pushed for this for years and Apple had resisted. But SMS is such an archaic know-how, that ultimately the improve was inevitable.
Google encrypts its personal RCS visitors with the open-source Signal protocol, which has change into one thing of an trade customary. WhatsApp and Facebook Messenger use the identical, as does Signal after all, the three most probably U.S. encrypted platforms customers will now flip to as a substitute of RCS. Apple makes use of a special encryption protocol for iMessage, however may undertake Signal for RCS and work instantly with Google to supply a safe wrap throughout iPhone and Android texting.
While RCS remains to be offered as a service service and RCS as a typical protocol, the truth is that with Android standardizing on Google Messages and iPhone customers having to make use of iMessage as their SMS/RCS shopper, there doesn’t should be a typical protocol, only a absolutely encrypted bridge between Google Messages and iMessage.
No signal of that occuring, by way of.
