back to article End-to-end encryption? In Android's default messaging app? Don't worry, nobody else noticed either

Google is rolling out end-to-end encryption in the unloved and unwanted Android Rich Communication Services, as part of a renewed hope people might use messaging services controlled by the Chocolate Factory. The rollout seems to be a last roll of the dice for RCS, which began life as the telco industries’ SMS killer – or, more …

  1. Martin Summers

    On an Android phone, just use Signal. You can make it your default messaging app and it just works. Sick of seeing RCS coming up begging to be enabled on work phones I've had to deploy recently. Google are too late to the party for OTT messaging just like they were with Google+

    I will also only ditch WhatsApp if it slips further down the greasy Facebook pole.

    1. Chewi

      +1 for Signal. I actually installed it to replace the stock SMS app more than to communicate with other Signal users, the latter of which I can count on the fingers of one hand. It excels at both.

    2. Robert Carnegie Silver badge

      I just put WhatsApp on my iPhone but I wasn't pleased that apparently I'm sharing my phone contacts with them. Of course basically that's how it works, message senders are identified in their network by the phone number in international format, and I'm a bit surprised to see which of my phone book are also apparently on WhatsApp. They too probably know now that I am. But I presume it's only me who has number 555-6789 down as Mrs Whatsit across the road, and not everyone else who has WhatsApp. I presume, but as far as I could see, it doesn't say. What if she's wanted by police for organising inconvenient demonstrations, or indeed for complaining about the police?

      1. Mage Silver badge
        Coffee/keyboard

        Re: WhatsApp

        It's Facebook.

        One of the top 2 or 3 anti-privacy weasels in the world.

    3. jason 7

      I and a few friends that tried it never got on with Signal. Messages would arrive hours or even days late for some reason. Did all the usual attempts to fix it to no avail. Just really unreliable. Carrier pigeon would have been more effective.

      Shame cos otherwise is was a cool app but instant messaging it was not. Moved over to Whatsapp and that just works. I also use RCS/SMS for customers and just direct messages.

      1. Martin Summers

        Odd cos I've never had that issue. Like the poster above I've only installed it to replace the stock app. Only a few people I know have it but use Signal in preference. If WhatsApp do integrate deeper with its parent then I will try my best to persuade people off it. I'm under no illusion that effort will probably fail as a majority of people see no issue with Facebook.

        1. ThatOne Silver badge
          Devil

          > Odd cos I've never had that issue.

          Me neither. It's instantaneous (easy to check since you can tell it to notify you when/if the other person(s) read your message, and also when they start typing an answer).

          You either tried a very early version, there were network issues where you live, or your messages were intercepted for examination and archival...

          1. Martin Summers

            Normally people with Android phones complain about delays in notifications because they've not stopped the app going to sleep and being battery optimised. Admittedly app developers could do more to ask for that permission to be given. I've just checked though and Signal is automatically not optimised if you've set it as the default messaging app.

            1. jason 7

              This was both Android and Apple. I even checked all the usual suspects like battery/sleep but nope. Just really bad performance. Sometimes it was instant, the next message a few seconds later would vanish for several minutes or hours. Not just my phone but also on the Apple ones too. Just not what you want from a instant message app. Other apps we tried...worked fine.

              This was 18 months ago over a few months.

          2. mmccul

            I had to give up on Signal when messages to a group chat were sent at one time, received by a second phone within two minutes, but the third phone did not get the message until literally the next day, even though the phone in question was in use. It was just far too unreliable.

            1. jason 7

              Ahhh glad I'm not the only one.

            2. Anonymous Coward
              Anonymous Coward

              Your experiment data would suggest that the problem was with the "third phone", not with Signal.

              1. jason 7

                ...who knows...just wasn't a 'instant' experience.

    4. leexgx

      No avg person is going to use signal because it doesn't come with the phone by default (samsung message and Google message does) and rcs is going to replace sms

      WhatsApp is the exception because most people has it to send photos for free (where as its 20-70p to send a mms)

    5. Phil Kingston

      What about distancing yourself from your mobile number totally and using something like Session

    6. schultzter

      No desktop SMS

      I've tried Signal a few times but it always comes up short. There's no Chromebook client (even though it's just an Electron app) and SMS from the desktop isn't supported. Ultimately my contacts are using SMS or Messenger (which I can do from Insta now and soon WhatsApp) so the argument for Signal is limited.

  2. Anonymous Coward
    Anonymous Coward

    I've done this in a job years ago.

    When you can watch encrypted communications, even if you can't be bothered to read them, you can learn a lot by looking at the origin and destination, the length of the message, the time that it was sent, the speed at which the receiver replies, and everything that you know about the receiver. All Google has to do then is analyze everything that the sender and receiver does ... all things they have access to via standard user terms and conditions, and then update their database , and serve them and their related contacts an advert.

    1. StrangerHereMyself Silver badge

      Re: I've done this in a job years ago.

      There's not that much you can learn from looking at random characters.

      1. Hardrada

        Re: I've done this in a job years ago.

        I'm not sure how vulnerable modern ciphers are to this, but messages with predictable format or contents used to be a lot easier to break. And at that point I believe the attacker has your current key also. So the next time your correspondent writes "how r u?" or "where u at?," maybe mind your words until the next key exchange...

        1. A random security guy

          Re: I've done this in a job years ago.

          Which is why you have a random IV in front of the message ... however, you can guess a lot based on the length of the message and the context. I totally agree with you that you can figure out a lot.

  3. bazza Silver badge

    There's Nothing Fundamentally Wrong With The Idea Behind RCS

    We all have SMS, an upgrade that was a neutral as SMS would be quite nice.

    1. AJ MacLeod

      Re: There's Nothing Fundamentally Wrong With The Idea Behind RCS

      I agree... the biggest problem really is the lack of universality and if Apple were more disinterested it would have been the "new SMS" long ago.

      I won't use Signal as it requires me to sign up with a phone number... Matrix seems to be the best alternative, I have a Synapse server running and the Element Android and mobile clients seem fine.

      1. Anonymous Coward
        Anonymous Coward

        Re: There's Nothing Fundamentally Wrong With The Idea Behind RCS

        "I won't use Signal as it requires me to sign up with a phone number..."

        Even though, intrinsically, SMS and RCS also require you to use your phone number as your account identifier?

        (But I agree, one thing that would make Signal even better would be if it were possible to use something other than your phone number as your account id. Many people have asked fot it…)

        1. ThatOne Silver badge

          Re: There's Nothing Fundamentally Wrong With The Idea Behind RCS

          > I won't use Signal as it requires me to sign up with a phone number

          If you're that privacy-minded you use burner phones anyway. Signal requires a telephone number, not an identified telephone number. So get yourself another burner phone, and only ever use it for your Signal communications.

          1. Hardrada

            Re: There's Nothing Fundamentally Wrong With The Idea Behind RCS

            "Signal requires a telephone number, not an identified telephone number."

            Some Yankee carriers make it tricky to activate a SIM without registering by name, and they're likely under regulatory pressure to that end.

            I think Telegram still allows registration without a phone number, whereas WhatsApp is the polar opposite; their app must be running on the phone associated with the account and talking to their servers before you can log in from a desktop.

            I wouldn't be surprised if they try to block Tor, and keep in mind that on iPhone you'd also need to anonymize the developer ID checks that happen every time an app opens.

        2. AJ MacLeod

          Re: There's Nothing Fundamentally Wrong With The Idea Behind RCS

          "Even though, intrinsically, SMS and RCS also require you to use your phone number as your account identifier?"

          Yes... RCS is a better SMS (roughly as good as BBM was for years) but if we're to replace these "legacy" methods of communication it'd be far better to replace them completely and not be tied to outmoded things like phone numbers or servers owned by one or more big corporations (there's no option for self-hosted Signal as far as I could see?)

          In the meantime, for the bulk of my contacts I'll just continue to use SMS (and RCS where the recipient's device supports it) because it's there and more-or-less works for now.

      2. leexgx

        Re: There's Nothing Fundamentally Wrong With The Idea Behind RCS

        Apple will have to support rcs as it's going to replace Sms in next 10 years, apple have their chance to allow iMessage to work on Android and they never made an app for it

  4. StrangerHereMyself Silver badge

    Just another Google project

    Which will suddenly shut down without notice.

    Seriously, no one cares about RCS. If Google's really interested in the chat market they should just spend a couple billion buying Telegram or some other moderately popular chat app and build on that.

    They've spend years on multiple offerings which all fell flat on their faces and were subsequently disbanded or merged. None has gained any traction whatsoever. It didn't really cost them a lot of money but it didn't get them anywhere either.

    If they're serious on entering the communications market they should just splurge some cash and buy an incumbent.

    1. leexgx

      Re: Just another Google project

      Rcs is going to replace sms so it won't shutdown and eventually it's the mobile providers that will have the servers which some of them do already

      Google rcs servers are forcing mobile operators to depoy their own servers (as mobile operators don't have control of the rcs system when Google is hosting it and companies like nsa can't intercept the messages if the mobile operator doesn't have their own RCS server)

      1. stiine Silver badge

        Re: Just another Google project

        If you think the FBI/CIA/NSA don't have hooks in Google as deep as they have in ATT/Verison/T-Mobile-US, then I'd really like to know what meds you're on because they appear to be working wonderfully.

      2. StrangerHereMyself Silver badge

        Re: Just another Google project

        So who's using SMS these days?

        Except for some spam sent by my mobile operator and a few stalwarts stuck in the 90's I never use it, and neither does 98% of the population.

        1. Anonymous Coward
          Anonymous Coward

          Re: Just another Google project

          Plenty. It's used for 2FA everywhere And still very useful in areas with poor coverage.

          Also free incoming SMS when roaming is still extremely useful if there's no wifi or 3G/4G coverage. Or roaming data or voice charges are too high, Or your local SIM data allowance has run out or ...

          It's only the US that had a problem with SMS. Did people have to pay for incoming as with voice calls? Also problems with SMS between networks that the rest of the world didn't have as soon as networks realised the potential revenue stream if enabled...?

          1. StrangerHereMyself Silver badge

            Re: Just another Google project

            For 2FA SMS is being deprecated and being replaced by authentication apps. Soon it will be more or less banned.

            1. kiwimuso

              Re: Just another Google project

              Really? Who told you that?

              Incidentally, I use SMS all the time for brief messages, as do 100% of my friends.

              I tried to remove myself from a family group on Messenger, which could be used as an alternative except for the reason I removed myself. My phone was constantly pinging because someone had put something on Messenger which was nothing to do with me, and then lots of people started adding their 2 cents worth. Bloody drove me mad.

              I was then reinstated by one of the family because I was "one of the family" so I turned off notifications, so now I have peace and quiet. The downside is I miss out on some of the news, but as we use SMS or an actual phone call to communicate one-on-one, it's not a great loss.

  5. Tony W

    Ts & Cs

    Started to update Messages on my Android phone, glanced at the Ts & Cs, and aborted installation. The old SMS app works perfectly well.

    1. stiine Silver badge

      Re: Ts & Cs

      Can you tell us why, to save the rest of us the trouble?

  6. Adair Silver badge

    Just for the record ...

    may I put in a plug for Delta Chat.

    Basically: not reliant on a central server, simply piggy backs on the email system, but with peer to peer encryption. Still works with non-DC clients at the other end, just without encryption.

    Simple. Works.

  7. Henry Wertz 1 Gold badge

    Targeted how?

    So, do tell, if my RCS communications are end-to-end encrypted, what are they going to use to target targeted ads? Second, at least in US, virtually all sms advertising is illegal, and I doubt the courts will accept some "well, yes, it appeared in the text app but technically it's RCS not SMS carrying the text." The disadvantage (for them) from getting this baked in as a text replacement rather than yet another messaging app.

    1. Anonymous Coward
      Anonymous Coward

      Re: Targeted how?

      They are little interested in the message contents, but the message endpoints, time, frequency and location still deliver interesting data... moreover the telephone number is a pretty unique identifier, as most people don't change it for a long time.

  8. This post has been deleted by its author

    1. schultzter

      Re: Hey remember Hangouts?

      Ahhhhh, Hangouts!

      Remember Google Talk?

      If Google had kept using an open protocol and rolled in SMS, Photos, and Docs messages they could have had the killer messenger that actually purple wanted to use for real reasons!

  9. A random security guy

    How do we know that one of the keys used for decryption doesn't belong Google

    I can think of several schemes where one of the keys is a Google key. It can be done directly (N + 1 keys, where N is the number of users, and 1 google user) or with mathematics where you can derive Google's key using some Galois field math.

    Google may claim it is doing for legal reasons. It reminds me of the Clipper system.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like