If you use the Google Messages app on your Android smartphone, you’ll likely have the RCS update that’s meant to bring standard text messaging into the present century. RCS is now available in all major countries except China, Russia and Iran. Building on standard SMS capabilities, this adds chat feature to compete with WhatsApp and iMessage. But, in truth, it does not work together at all. There is a glaring problem that does not appear to be properly addressed anytime soon. Now it’s bad enough for you to use something else.
The problem, of course, is end-to-end encryption. Six months ago, reports revealed that Google was developing this level of security to upgrade RCS. Since this week, it is now finally available for public beta testing. On the surface, its intention is to provide Android users with an alternative to iMessage. But there is a glaring problem – and it is a deciding factor. This deployment of end-to-end encryption over RCS is not available for groups – it seems too complex to manage at this time. And it’s not yet clear when this limited upgrade might roll out.
With that in mind, Android users should go for a different iMessage-like alternative. Fortunately, there is now a simple solution. While its standard messenger is not end-to-end encrypted by default, Android does offer users the option of selecting a different default messenger that does. Signal is the best secure messenger available. And although its installation base is modest compared to WhatsApp or iMessage, it is growing rapidly.
On iOS, users run encrypted iMessage and unencrypted SMS side-by-side in Apple’s default app. You will be familiar with the blue and green text bubbles that make the two different. On Android, you can select Signal as the default messenger, using Signal and SMS side by side, to provide a similar user experience. This will give you the same experience as end-to-end encrypted Android messages except that it will work for groups and won’t require beta installations for anyone you choose to send messages to. The latest production version of Signal will do just fine.
Just like iMessage, you will be able to see if your contacts are enabled by Signal or when you are limited to what it calls “unsecured SMS”. This integration is only available on your smartphone. Signal does not offer its desktop option for this integration. “We want to encourage users to move away from old, insecure protocols”, said. But the Signal desktop app will work fine for your encrypted messages.
By switching from Android Messages, you will lose the ability to send RCS messages to other RCS users. SMS in Signal are just the basics of SMS. But Signal itself has the same rich chat functionality as other mainstream messengers, and you can encourage your close friends, family, and contacts to install the app. The signal used to be clunky, but that has now changed as it targets the general public with enhanced functionality, making it a viable default messenger when it previously wasn’t.
When even Facebook strongly advise you must use end-to-end encrypted messengers, you must take note of this. And while Facebook Messenger (ironically) falls short of adding it by default, its “secret conversations” are available. More importantly, Facebook-owned WhatsApp is the world’s leading end-to-end encrypted platform and has all of the features offered by iMessage and Google’s RCS deployment.
Many users of Facebook Messenger on Android have already set it as their standard messenger. Although Facebook Messenger is not end-to-end encrypted by default, it is more secure than the fragmented SMS architecture operated by networks. Yes, whenever a recipient is text only it becomes moot, but you’ll find a lot more of your contacts on Facebook Messenger than Signal. That said, using Facebook Messenger by default is a bad idea for a number of reasons. Facebook is the most power hungry data acquirer on your phone. Providing him with your SMS data doesn’t make sense. WhatsApp does not offer an option to become the SMS messenger on Android which would have been ideal given its huge setup base.
So why are SMS so bad from a security standpoint? With SMS, your messages are encrypted between your phone and your network cell phone tower, avoiding a simple live interception. But once that message disappears in the network-to-network SMS architecture, all bets are off. Last year a cyberattack against global carriers was found looking for SMS messages inside networks at will. And, Haaretz recently reported on another sophisticated attack on an Israeli network to intercept SMS traffic.
When Google’s RCS deployment gained traction last year, a cybersecurity company warned that RCS has done nothing to address vulnerabilities in SMS and, as such, “exposes most mobile users to hacking.” The lack of security enhancements with Android Messages “allows hackers to intercept and manipulate communication through DNS spoofing attack”. Google did not respond when asked if any of these issues had been resolved.
There is more to iMessage than encrypting 1: 1 or group messages in Apple’s ecosystem. Its innovative encryption architecture works across multiple endpoints – your iPhone, iPad, and Mac, for example, as full-fledged apps that aren’t pulled from the phone’s database. This network of one-user trusted devices allows a live backup to run in iCloud, an end-to-end encrypted backup, which even beats WhatsApp’s unsecured backup options and lack of support. charging multiple devices. There is a security caveat with iMessage: if users back up their devices to iCloud, it stores a copy of the encryption key, but those backups are less relevant now with iCloud sync and device-to-device transfers. when upgrading.
Signal also offers several endpoint apps, you can run the app on your phone and your laptop or desktop, although there is no synchronization between these endpoints and no multi-backup option. continuous platform – Signal does not do anything that could compromise the integrity of its security. When upgrading to a new device, you can create a backup and manually transfer the file. If you’re still having trouble installing Signal and trying, keep in mind that Google’s new end-to-end encryption on RCS uses Signal’s encryption protocol, just like WhatsApp.
Despite its shortcomings, Google’s move is welcome, especially given the growing threat of end-to-end encryption from lawmakers around the world. This initial beta fixes the most prominent problem with basic SMS and RCS: keeping your chats safe. But enabling backups in the cloud will break that level of security, essentially storing the decrypted messages and there is no innovative architecture to manage multiple devices. The most glaring problem, however, is the lack of support for groups. Unless that’s fixed, this encryption is pretty useless. When that is fixed, this advice may change. But until then, my recommendation is to use WhatsApp as the primary messenger, given its large user base and despite its shortcomings and selecting Signal as your default Android messaging to keep you away from unsecured SMS and RCS wherever you can.