Do it’s essential to cease utilizing RCS?
This was the yr that messaging was to grow to be extra seamless, no more complicated. RCS coming to iPhone heralded the beginning of one thing thrilling and new, we had been instructed, however then the FBI warned that messages had been hacked and residents ought to cease texting and all the things all of a sudden modified. So, must you cease utilizing RCS?
RCS has a picture drawback, however it’s additionally not effectively understood. Put merely, RCS is only a new protocol for an enhanced type of service messaging. This successor to SMS provides the wealthy options we’re used to with IP messaging on platforms corresponding to WhatsApp and iMessage, however with the advantages of service messaging, together with working over a core mobile connection without having for an information connection as effectively.
RCS ought to have been adopted by each Android and iPhone when it launched some years in the past—however that didn’t occur. That meant that it turned an Android messaging improve, which in flip meant that Google took over duty from the carriers for its international rollout, and used it to drive adoption of Google Messages because the de facto texting shopper on Android, as a substitute of carriers and different OEMs having their very own.
Because Google pushed the RCS rollout by means of its Google Messages platform, it plugged gaps in RCS performance by including its personal wrapper to the expertise. While RCS at its core is only a service messaging protocol like SMS, Google’s proprietary wrapper builds on that for its personal customers. Above all, this enabled Google to repair RCS’s predominant weak point—safety, however just for its personal customers.
End-to-end encryption has grow to be tables stakes for telephone messaging. Popularized by iMessage and WhatsApp, it has now been adopted by different main platforms, even together with Facebook Messenger. Security consultants advocate solely utilizing platforms with this stage of content material safety on your day-to-day messaging.
Carrier messaging has by no means been end-to-end encrypted. Rather than message immediately from one telephone app to a different, these messages are routed throughout a patchwork quilt of mobile networks in the identical means as mobile calls. This implies that the apps at every finish could be completely different, so long as they use that very same RCS protocol. There is not any want for encryption keys to be shared or held, it’s an open customary.
Google’s repair was easy. It added end-to-end encryption to Google Messages, primarily a safe envelope inside which RCS messages might be transmitted. But that solely works if each “ends” are Google Messages. If one finish shouldn’t be, then it drops again to the usual RCS protocol and end-to-end encryption shouldn’t be used.
That was a non-issue when RCS was Android solely and Google was standardizing customers onto Google Messages. But as quickly as Apple added RCS to iPhone, that obvious safety difficulty turned a headline drawback. Suddenly, there have been a billion-plus new endpoints that had been RCS-enabled however which weren’t utilizing Google Messages.
Such was the storm of safety protests publish iOS 18 within the fall as this difficulty turned clear, that the cellular requirements setter—the GSMA—and Google introduced a repair within the works, an end-to-end encryption add-on to the usual RCS protocol. But how this may work or when this may arrive is unclear given the service complexity.
In actuality it’s not wanted. Pre Apple’s launch of iOS 18 there was just one RCS app that mattered—Google Messages. Post that launch, there are solely two that matter—Google Messages and iMessage. We don’t want a change to the RCS protocol—that appears utterly pointless. We simply want Apple and Google to construct a safe bridge between their messaging apps to deliver full encryption to iPhone-Android messaging.
This can be simply completed and there’s a well timed precedent which does precisely that. Driven by Europe’s Digital Markets Act (DMA), WhatsApp has constructed a third-party chat structure that allows different totally encrypted platforms to ship safe messages to WhatsApp and vice versa.
And whereas WhatsApp warns that this isn’t as safe as messaging inside its personal platform, the place it controls each ends of the end-to-end encryption, it’s far more safe that it will be with out that full encryption and it addresses the brand new menace highlighted by the FBI’s texting warning—it masks content material from service networks and as such can’t be hacked in the identical means as SMS or RCS.
There is one other precedent that additionally may give us hope right here. During the covid pandemic, Apple and Google collaborated on contact tracing warnings, offering an ordinary linkage between their two ecosystems. Bridging their messaging apps can be a lot simpler than that. This is a industrial difficulty, not a technical one.
No signal but of this occurring. But in a world the place America’s federal companies are warning customers to cease texting, one would hope minds will change for sensible causes if nothing else. Messaging safety has by no means been extra mentioned.
Apple’s personal warning on RCS is clear-cut. “When your system connects to your mobile community, it communicates together with your service and their companions to arrange RCS. User identifiers are exchanged to authenticate your system and supply a connection. These identifiers might embody however are usually not restricted to your IMEI, IMSI, IP deal with, and telephone quantity. Your present IP deal with may additionally be shared with different RCS customers.” And that applies to any utilization of RCS from iPhones—it’s by no means totally encrypted.
But it is best to nonetheless have RCS enabled in your iPhone or your Android, and on Android it’s essential to use Google Messages. You ought to not cease utilizing RCS. It’s safer than SMS, however its points. But it is best to nonetheless deal with RCS messaging in a lot the identical means as you handled SMS beforehand. Don’t textual content something personally delicate or safety associated, don’t textual content bank card numbers or different monetary knowledge, don’t use it to ship confidential enterprise data, particularly given the prepared availability of totally encrypted platforms to make use of as a substitute.
