If you’re a Google Messages app user on your Android smartphone, you’ll probably have the RCS update designed to bring standard text messaging into the current century. RCS is now available in all major countries except China, Russia and Iran. Based on standard SMS features, this is added chat functionality to compete with WhatsApp and iMessage. But in truth, it does not compete at all. There is an obvious problem that does not seem to be fixed properly at any time. This is now bad enough that you now need something else.
The question, of course, is end-to-end encryption. Six months ago, there were reports that Google was developing this security level to upgrade RCS. From this week this is now finally available for public beta testing. On the surface, it intends to provide Android users with an iMessage alternative. But there’s an open problem – and it’s a deal breaker. This implementation of end-to-end encryption on RCS is not available for groups – it’s apparently too complicated to handle right now. And there is also no word yet on when this limited upgrade might be rolled out.
With that in mind, Android users should opt for another iMessage-like alternative. Fortunately, there is a simple solution available now. While its standard messenger is not standard-encrypted from end to end, Android allows users to choose an alternative standard messenger that does. Signal is the best secure messenger available. And while the installation base is modest compared to WhatsApp or iMessage, it is growing fast.
On iOS, users run encrypted iMessage and unencrypted SMS side by side within Apple’s standard app. You will be familiar with the blue and green text bubbles that distinguish between the two. On Android, you can select Signal as your default messenger, using Signal and SMS side by side, to deliver a similar user experience. This gives you the same experience as the end-to-end encrypted Android messages, except that it works for groups and does not require beta installations for all those you choose to send a message to. The latest production version of Signal is doing fine.
Like iMessage, you can see when your contacts are signal-enabled or when you are restricted to what it calls “insecure SMS.” This integration is only available on your smartphone. Signal does not offer its desktop capability for this integration. “We want to encourage users to move away from insecure older protocols,” it says say. But the desktop Signal app works fine for your encrypted messages.
When you switch from Android messaging, you lose the ability to send RCS messages to other RCS users. SMS within signal is only the basics of SMS. But Signal itself has the same rich chat functionality as other regular messengers, and you can encourage close friends, family and contacts to install the app. Signal used to be clumsy, but that has now changed as it targets the mainstream with enhanced functionality, making it a viable standard messenger when it was not before.
When even though Facebook highly recommend To use end-to-end encrypted messengers, be aware. And while Facebook Messenger (ironically) is not close to adding this by default, it is “secret conversations” is available. More importantly, Facebook-owned WhatsApp is the world’s leading end-to-end encrypted platform and has all the functionality offered by iMessage and Google’s RCS rollout.
Many Facebook Messenger users on Android have already set it as their default messenger. While Facebook Messenger is not encrypted end-to-end by default, it is more secure than the fragmented SMS architecture powered by the networks. Yes, every time a recipient is only on SMS, this becomes a lot, but you will find many more of your contacts on Facebook Messenger than Signal. That said, using Facebook Messenger by default is a bad idea for a variety of reasons. Facebook is the hungriest data collector on your phone. Giving it your sms data makes little sense. WhatsApp does not allow to become SMS messenger on Android, which would have been ideal given its huge installation base.
So why is SMS so bad in terms of security? With SMS, your messages are encrypted between your phone and your network’s cell tower, preventing simple air migration. But when this message disappears in the network-to-network SMS architecture, all bets are turned off. Last year, a cyber attacks on global airlines was found and searched for text messages inside the networks as desired. And, Haaretz recently reported on another sophisticated attack on an Israeli network to intercept SMS traffic.
When Google’s RCS rollout gained traction last year, it became a cybersecurity company warned that RCS did nothing to address SMS vulnerabilities, and as such “exposes most mobile users to hacking.” The lack of security enhancements with Android Messages “enables hackers to intercept and manipulate communications through a DNS spoofing attack.” Google did not respond when asked if any of these issues have been resolved.
There’s more to iMessage than encrypting 1: 1 or group messaging within Apple’s ecosystem. Its innovative encryption architecture runs to several endpoints – e.g. Your iPhone, iPad and Mac, as fully developed apps do not scrape from the phone’s database. This network of a user’s trusted devices allows a live backup to run in iCloud, one that is end-to-end encrypted, which even beats WhatsApp’s unsecured backup capabilities and lack of multiple device support. There is a security warning with iMessage – if users back up their devices to iCloud, it saves a copy of the encryption key, but such backups are less relevant now with iCloud syncing and device-to-device transfer when upgrading.
Signal also offers multiple endpoint apps, you can run the app on your phone and laptop or desktop, even if there is no synchronization between these endpoints and no rolling, cross-platform backup option – Signal does nothing to compromise the integrity of its security. When you upgrade to a new device, you can create a backup and manually transfer the file above. If you’re still reluctant to install Signal and give it a try, keep in mind that Google’s new end-to-end encryption on RCS uses Signal’s encryption protocol – just like WhatsApp.
Despite its shortcomings, this Google move is welcome, especially given the growing threat of end-to-end encryption from lawmakers around the world. This initial beta solves the most striking problem with SMS and basic RCS – protecting your chats. But enabling cloud backups will break this level of security and store essentially decrypted messages, and there is no innovative multi-device handling architecture. The most obvious problem, however, is the lack of support for groups. Unless solved, this encryption is pretty pointless. Oh that is fixed, this advice may change. But until then, my recommendation is to use WhatsApp as your regular messenger – given its huge user base and despite its missing, and to select Signal as your default Android messenger to switch away from unsecured SMS and RCS wherever you can.