End-to-End Encryption Coming for iPhone-to-Android RCS Messages

[MacRumors]

The GSM Association (GSMA), the organization responsible for developing the Rich Communication Services (RCS) standard, announced on Tuesday that it is working to implement end-to-end encryption (E2EE) for messages sent between Android and iPhone devices, though no specific timeline for the implementation has been provided.

The news comes on the heels of Apple's recent adoption of RCS with the launch of iOS 18, which replaced SMS with RCS messaging for texts sent to Android users. While the update brings improvements such as high-resolution media sharing, read receipts, and typing indicators, it notably lacks end-to-end encryption.

GSMA technical director Tom Van Pelt said that the next milestone for RCS Universal Profile is the "first deployment of standardized, interoperable messaging encryption between different computing platforms." This move aims to bridge a significant gap in cross-platform messaging security.

Currently, not all RCS providers offer E2EE. Google Messages, which enabled E2EE by default for RCS conversations last year, is one of the exceptions. Apple's proprietary iMessage system also features E2EE, but this protection does not extend to RCS messages.

The implementation of E2EE for cross-platform RCS messages would prevent third parties, such as messaging services or cell carriers, from viewing the content of texts. This added layer of security would also prevent state surveillance of citizens' RCS communications.

Article Link: End-to-End Encryption Coming for iPhone-to-Android RCS Messages

 

[centauratlas]

The question is going to be: will it be like iMessage where the keys are on device OR will it be like other systems where someone else holds the keys? (Some is better than nothing, but the devil is in the details).

 

[goobot]

Do the carriers have to support it to work cause if so good luck with that

 

[mcilwraith]

isn't WhatsApp totally encrypted? and its cross platform?

 

[The_Gream]

Pretty sure the lack of E2EE was one of the major reasons Apple wasn’t going to support it… but then some big country went and made it a requirement to support RCS.

 

[jasonsmith_88]

Phone numbers as addresses are terrible. They are short-lived, with laws requiring telcos to recycle “inactive” phone numbers within a matter of months. They are easily stolen by bad actors. Caller IDs are easily spoofed. They cease to work overseas, unless you pay exorbitant roaming fees. They change if you move countries.

All of these problems were solved decades ago by superior technologies such as email. And yet the world still revolves around phone numbers. I can’t even book a bus trip without being forced to provide a phone number. Let alone open a bank account, where I lose access to my money if any of the numerous issues I posted above occurs.

The world needs to stop using phone numbers as identification.

 

[StoneJack]

All android bubbles should be of rainbow pride colors

 

[.wojtek]

first deployment of standardized, interoperable messaging encryption between different computing platforms." This move aims to bridge a significant gap in cross-platform messaging security.

what an utter bullcrap...

 

[winxmac]

Not every mobile network/carrier supports RCS yet and now they are going to introduce RCS android to iOS E2E encryption?

For sure this will be available in a future major iOS update... Probably 2030 or later...

 

[McWetty]

It’s curious… why wasn’t E2EE part of RCS from the beginning?

 

[Scottsoapbox]

End-to-end encryption that works until it doesn't.

(fallback)

 

[ryan102]

Everyone still believing in E2EE? Just fancy language to make people feel better

 

[TimFL1]

The question is going to be: will it be like iMessage where the keys are on device OR will it be like other systems where someone else holds the keys? (Some is better than nothing, but the devil is in the details).

E2EE means the private key is stored on device and not the server. What the server holds are public keys, which are supposed to be shared for encryption (the private key is what your device holds and uses to decrypt content).


On topic: The article is misleading, Apple has yet to acknowledge and commit to supporting this, so you can‘t really phrase it as confirmed coming (Apple could alway say RCS stays at UP 2.4 on iOS).

 

[kalsta]

All of these problems were solved decades ago by superior technologies such as email. And yet the world still revolves around phone numbers.

I'd hardly call email a superior technology. Authentication features like SPF, DKIM and DMARC have been tacked on to try and patch an insecure system that makes it way too easy to spoof addresses, and even big companies like Microsoft still struggle to implement them properly.

Phone numbers as addresses are terrible. They are short-lived …

Only if you don't opt to transfer your number when you change providers. I've had the same mobile number since they first became a thing. (I even still have a 30 year old landline number that I transferred over to VOIP years ago.) And now I can use my mobile number to message other iPhone users securely, without the need to download and trust third-party apps. All up, I'd argue that's not too shabby an evolution of the humble old telephone number.

So I for one am looking forward to E2EE for cross-platform RCS messaging—if our Australian carriers ever get around to supporting it!!

 

[brofkand]

Pretty sure the lack of E2EE was one of the major reasons Apple wasn’t going to support it… but then some big country went and made it a requirement to support RCS.

No, they didn't support it because it is more reliable than SMS and gives a better user experience - and Apple doesn't want that. They use iMessage to build the walls around their garden 10 feet taller.

SMS is entirely plain text - at least RCS is encrypted in transit.

 

[brofkand]

It’s curious… why wasn’t E2EE part of RCS from the beginning?

The goal was to replace SMS, not build another Signal.

 

[foobarbaz]

isn't WhatsApp totally encrypted? and its cross platform?

Sure. But you need to agree to Meta's terms to use it.
A decentralized system like RCS is superior, IMO, but it's probably way too late.

The world needs to stop using phone numbers as identification.

I don't know about the world, but the US probably should stop issuing "regional" phone numbers to cell phones. In other countries you can keep your cell number for life.

 

[UliBaer]

Just actually USE Signal...

 

[roguedaemon]

Do the carriers have to support it to work cause if so good luck with that

That’s the problem, here in Australia the main telco is Telstra, and they don’t support RCS *at all* and have even expressed that they aren’t interested in it.

 

[Kottu]

SMS has been around since 1993. It’s a pity no one bothered about taking that technology further. Mobile operators were greedy so, keeping it up-to 160 characters was profitable for them. Operators can do nothing about iMessage or WhatsApp / Signal etc. But not giving support for RCS is profitable in many ways. Many companies do send SMS to their customers so, having RCS throughout all platforms will reduce their profits.

 

[cyanite]

The question is going to be: will it be like iMessage where the keys are on device OR will it be like other systems where someone else holds the keys? (Some is better than nothing, but the devil is in the details).

What "other systems"? It's not end-to-end if the private keys aren't private. Depending on the particular system, public keys may be exchanged in different ways. Typically the service provider facilitates this.

Pretty sure the lack of E2EE was one of the major reasons Apple wasn’t going to support it… but then some big country went and made it a requirement to support RCS.

I don't think there is any evidence of that. Apple supports SMS, which doesn't have encryption.

Phone numbers as addresses are terrible. They are short-lived

Oh? I had mine for more than 20 years now. I guess they are pretty long-lived for most people, at least here in Denmark.

It’s curious… why wasn’t E2EE part of RCS from the beginning?

It's a very old standard

Everyone still believing in E2EE? Just fancy language to make people feel better

Everyone can write random claims on the internet, like you did there.

 

[SmugMaverick]

Pretty sure the lack of E2EE was one of the major reasons Apple wasn’t going to support it… but then some big country went and made it a requirement to support RCS.

Please, SMS isn't E2EE either.

Apple just didn't want to because they're scummy, they love that Americans bully people over green bubbles.

China thankfully told them to get with the world or go home.

 

[kamyk35]

The GSM Association (GSMA), the organization responsible for developing the Rich Communication Services (RCS) standard, announced on Tuesday that it is working to implement end-to-end encryption (E2EE) for messages sent between Android and iPhone devices, though no specific timeline for the implementation has been provided.

The news comes on the heels of Apple's recent adoption of RCS with the launch of iOS 18, which replaced SMS with RCS messaging for texts sent to Android users. While the update brings improvements such as high-resolution media sharing, read receipts, and typing indicators, it notably lacks end-to-end encryption.

GSMA technical director Tom Van Pelt said that the next milestone for RCS Universal Profile is the "first deployment of standardized, interoperable messaging encryption between different computing platforms." This move aims to bridge a significant gap in cross-platform messaging security.

Currently, not all RCS providers offer E2EE. Google Messages, which enabled E2EE by default for RCS conversations last year, is one of the exceptions. Apple's proprietary iMessage system also features E2EE, but this protection does not extend to RCS messages.

The implementation of E2EE for cross-platform RCS messages would prevent third parties, such as messaging services or cell carriers, from viewing the content of texts. This added layer of security would also prevent state surveillance of citizens' RCS communications.

Article Link: End-to-End Encryption Coming for iPhone-to-Android RCS Messages

It sounds as though most carriers aren't supporting it or at least not supporting it properly, it looks one big mess, no wonder Apple was so reluctant to get involved.
I shall probably have it disabled and just carry on using WhatsApp (although I don't want to) with the few Android users I know

 

[icanhazmac]

isn't WhatsApp totally encrypted? and its cross platform?

WhatsApp = Zuck spyware.

 

[Sasparilla]

Nice to see this being added to the current RCS standard. The assumption is Apple would add this once its ratified into the standard and hopefully they will.

At that point it'll be time to go to a different color bubble for encrypted messages (iChat got blue bubbles with encryption), guessing they'll still want Blue for branding but Purple might not be bad for encrypted RCS.

It sounds as though most carriers aren't supporting it or at least not supporting it properly, it looks one big mess, no wonder Apple was so reluctant to get involved.
I shall probably have it disabled and just carry on using WhatsApp (although I don't want to) with the few Android users I know

Its entirely automatic in Messages and will fall back to SMS if RCS is not available. Just a free upgrade for you and your friends if its available, no need to turn it off.

It's a very old standard, however most countries had migrated en masse to WhatsApp to get around out of country calling / messaging charges and didn't bother with it. So RCS was the step up from SMS - so yeah its old. Each individual carrier had their own incompatible standard (the carriers thought they'd sell the extra features per message like SMS in the old days). Those places running it have mostly standardized on the version Google bought (Google had hosed all their prior chances at a default messaging app in Android and this was their last chance to not just have SMS as the base here in the U.S. and they got everybody in the U.S. and some other countries to line up on it, which is good for everyone as it raises the base messaging standard from the 1990's to the 2000's, which isn't insignificant).