RCS will thankfully bring a number of long-missing features to those green bubble conversations in Messages, but Apple's proposed implementation has a murkier future when it comes to security.
The RCS standard will replace SMS, the protocol behind basic everyday text messages, and MMS, the protocol for sending pictures in text messages.
RCS has a number of improvements over SMS, including being able to send longer messages, sending high quality pictures, read receipts, typing indicators, GIFs, location sharing, the ability to send and receive messages over Wi-Fi, and improved group messaging.
Basically, it's a modern messaging standard with features people have grown to expect.
The RCS standard is being worked on by the same standards body that wrote the standard for SMS and many other core mobile functions.
Apple had previously said it wouldn't support RCS, but recently came around and declared that it will support sending and receiving RCS messages starting some time in 2024.
This is a win for user experience and interoperability, since now iPhone and Android users will be able to send each other rich modern text messages using their phone's default messaging apps.
On its own, the core RCS protocol is currently not any more secure than SMS. The protocol is not encrypted by default, meaning that anyone at your phone company or any law enforcement agent will be able to see the contents and metadata of your RCS messages.
The RCS protocol by itself does not specify or recommend any type of end-to-end encryption.
The only encryption of messages is in the incidental transport encryption that happens between your phone and a cell tower.
This is the same way it works for SMS. But what's exciting about RCS is its native support for extensions.
Google has taken advantage of this ability to implement its own plan for encryption on top of RCS using a version of the Signal protocol.
As of now, this only works for users who are both using Google's default messaging app, and whose phone companies support RCS messaging.
A user's phone company could actively choose to block encrypted RCS in a specific region or for a specific user or for a specific pair of users by pretending it doesn't support RCS. In that case the user will be given the option of resending the messages unencrypted, but can choose to not send the message over the unencrypted channel.
Google's implementation of encrypted RCS also doesn't hide any metadata about your messages, so law enforcement could still get a record of who you conversed with, how many messages were sent, at what times, and how big the messages were.
Despite those caveats this is a good step by Google towards a fully encrypted text messaging future.
Apple stated it will not use any type of proprietary end-to-end encryption-presumably referring to Google's approach-but did say it would work to make end-to-end encryption part of the RCS standard.
Ideally Apple and Google will work together on standardizing end-to-end encryption in RCS so that the solution is guaranteed to work with both companies' products from the outset.
Hopefully encryption will be a part of the RCS standard by the time Apple officially releases support for it, otherwise users will be left with the status quo of having to use third-party apps for interoperable encrypted messaging.
Interoperable, encrypted text messaging by default can't come soon enough.
This Cyber News was published on www.eff.org. Publication date: Wed, 31 Jan 2024 22:13:04 +0000