All Users of Google Messages Should Upgrade to a Different Application due to RCS Warnings
All Users of Google Messages Should Upgrade to a Different Application due to RCS Warnings
As the consequences of Chinese cyber attacks on U.S. telecommunications networks continue to resonate through the tech industry, there's been bewilderment among users about what's secure and what's not. This confusion is most prominent when it comes to how Android and iPhone devices communicate via their built-in messaging apps.
Google has been consistently working towards effortless, cross-platform messaging, having successfully persuaded Apple to incorporate RCS into iMessage. However, this compatibility doesn't equate to the security offered by platforms like Signal, WhatsApp, and even Facebook Messenger. This realization has now come back to bite them.
The Cybersecurity and Infrastructure Security Agency (CISA) has advised Google Messages users to "only use RCS if end-to-end encryption is enabled." If all parties involved are using Google Messages, your conversation will be end-to-end encrypted. But if not, then it isn't. This means if you're messaging an iPhone, or vice versa, you'll need to opt for an alternative method.
This advise was subtly hinted at when the FBI and CISA cautioned Americans to use encrypted platforms for messaging and even voice/video calls. However, this advisory has now been made clear as daylight. The U.S. cyber agency "recommends an end-to-end encrypted messaging app that is compatible with both iPhone and Android operating systems, allowing for text message interoperability across platforms."
Ideally, such apps should provide clients for desktop platforms and the web. CISA also suggests "these apps typically support one-on-one text chats, group chats with up to 1,000 participants, and encrypted voice and video calls. Additionally, they may include features like disappearing messages and images, which can enhance privacy."
CISA acknowledges Signal as one such app, which is relatively smaller than market-leader WhatsApp. However, when selecting an end-to-end encrypted messaging app, CISA advises to "evaluate the extent to which the app and associated services collect and store metadata," which might explain their preference. Services like WhatsApp collect considerably more metadata than Signal.
Apple users are no strangers to this dilemma. It's impossible to use iMessage without knowing what's secure and what's not—blue bubbles versus green bubbles. But it's more complex with Google messages, which disguises that it's RCS that's secure, not Google's deployment within Google Messages. Even messaging within the Android ecosystem from Google Messages to another app isn't fully secure.
While CISA seems to favor Signal, WhatsApp is also suitable for daily use, "albeit you need to keep metadata capture in mind." We're still waiting for the promised RCS update that will incorporate end-to-end encryption, which could change this recommendation. But we've been warned it's at least a few months away—so consider using something else.
The FBI has expressed concerns about potential vulnerabilities in FBI encryption when it comes to deciphering messages sent on Android devices, as a result of alleged activities by a 'hacker telco' with ties to Chinese hackers.
The ongoing debate about the security of Google Messages has led to an Android warning, urging users to update their messages to include 'fbi texting' capabilities with end-to-end encryption, to safeguard against potential cyber threats.
As Typhoon Salt, a powerful cyber security storm, approaches, experts are recommending the use of encrypted messaging apps, like Signal, to protect against potential cyber attacks, especially during natural disasters, when critical information may be exchanged.