Apple did the bare minimum because it doesn't care about you either

Features
By
published

Texting still isn't safe.

Android figures
(Image credit: Jerry Hildenbrand / Android Central)

Normally, I'm quick to point out all the ways that Google shows a lack of respect for users inside its ecosystem. That's part of my job; if a Google exec scratches his or her butt, I need to see how it affects Google's portfolio and us since we're the ones using these products.

That means I rarely worry about what other companies, like Apple, do to their users. This time is different because Apple's disdain for consumers and lack of cooperation puts us all at risk, according to the FBI, which usually knows what it is doing.

I'm talking about RCS. Of course, I'm talking about RCS because it's been at least a month since I had to talk about RCS.

Android & Chill

Android Central mascot

(Image credit: Future)

One of the web's longest-running tech columns, Android & Chill is your Saturday discussion of Android, Google, and all things tech.

Here's the deal: if you use an iPhone and message someone else who is using an iPhone, you're good. If you use an Android phone and message someone else using an Android phone, you're good, too. The problem is when an iPhone user messages an Android user or an Android user messages an iPhone user.

Those messages, using the default messages app built into the phone, are no more secure than the old way of sending a text was. Apple did incorporate RCS messaging into iMessage, but it did it in a way that's not secure and didn't work with Google to sort it out.

This happened because of RCS itself. The tech, in its current form, doesn't support any sort of encryption yet. It's being worked on, but if you implement RCS using only the current open standards, messages are no safer than they used to be.

On the other hand, Google does offer encrypted RCS messaging — but only between two Android phones or the Chrome browser tied to an Android phone. It added this itself because RCS has no encryption method in place.

Since about 80% of people worldwide who use a smartphone are using an Android smartphone, this was one of those times when Google did the right thing. Apple didn't. Apple offers iPhone users who talk to other iPhone users encryption and tells everyone else to just buy an iPhone.

Google Messages RCS chatting on a Pixel 4a.

(Image credit: Android Central)

The FBI piping in to let everyone know there is a problem isn't unexpected. In fact, it's the opposite, and I'm surprised it took so long. I assumed exploits would pop up during the first week, just like spam and phishing messages supposedly from the post office did. You (probably) aren't special, and nobody is actively trying to steal your identity and hack your credit cards; they're just trying to steal everyone's identity and get everyone's credit card info. Casting a huge net is an easy way to scam regular people out of millions each year.

Apple and Google could have, and should have, prevented this. Instead, Google was worried about tossing barbs at Apple and then taking a victory lap even when it didn't really get what it was demanding. Meanwhile, Apple trudged along and did nothing until China said they had to add RCS capabilities. Apple will always try to appease China when it's easy to do it, just like Google would. Neither side cared about working together to help consumers like us because we were going to buy their shit anyway. 💰🐄

So what should you do? If you live outside the U.S. or Canada, you probably don't have to do anything because you likely don't even use Google Messages or iMessage. People here use them because texts are free, and, well, we just do.

If you use either, you should stop and switch to a secure and encrypted platform like the FBI says. There are plenty, but I'm partial to Signal because the people behind it only care about making a secure messaging service; they want to hook you on their product by making it great and not tying it to another service or looking to sell it off to Meta.

Signal messenger.

(Image credit: Signal)

That's easier said than done. You could go through all of your contacts and ask them to switch to another platform, but they're not going to do it. They don't think they need to do it because they might not have thousands in the bank sitting around ripe for the taking, or they don't think they have anything to hide.

All you really can do is refuse to send any information through Google Messages or iMessage that you don't want the world to read and wish the companies that made these things actually cared about their users.

Jerry Hildenbrand
Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Threads.

8 Comments Comment from the forums
  • swinn
    Maybe someone should do a story about Verizon disabling RCS on all government contract lines a few months ago. Their excuse was that the government told them to. I'm surprised no news organizations ever picked it up.
    Reply
  • BaritoneGuy
    AC News said:
    Because Apple and Google won't work together, the FBI says users should switch to a better messenger.

    Apple did the bare minimum because it doesn't care about you either : Read more
    Absolute nonsense. Google hacked the spec to do encryption. All encrypted RCS must pass through Google infrastructure. Do you really think Apple would go for this?

    You are right about China being the final impetus for RCS which would require the messages to NOT pass through Google stuff as they don’t operate there.

    Instead why don’t the folks push the RCS standards people to adopt encryption as part of the standard.
    Reply
  • obarthelemy
    Are you saying RCS messaging from a browser other than Chrome aren't encrypted ? Are you sure ?

    Or are you just using "CHrome" to mean "a web browser", forgetting that others exist ?
    Reply
  • spARTacus
    From what I think I understand, all information/data exchanges between Google RCS Servers and any Google Messages App (and/or between/to any "Web Browser session for Google Messages" ) is secure and not at risk. And of course, any direct Google Messages App to Google Messages App information/data exchanges are also secure and not at risk (as is also any iMessaging App to iMessaging App data /information exchanges).

    I am not even sure I fully understand what all the not secure aspects are about the current situation. Perhaps only the part about how carriers might currently facilitate/forward RCS data/information exchanges based on telephone number as key, for between Google RCS Servers and Apple iMessaging Servers, and/or for between their own or other carrier RCS Servers, and from that perspective perhaps no different than how carrier facilitated SMS/MMS messaging has similarly for years not been secure.
    Reply
  • mustang7757
    obarthelemy said:
    Are you saying RCS messaging from a browser other than Chrome aren't encrypted ? Are you sure ?

    Or are you just using "CHrome" to mean "a web browser", forgetting that others exist ?
    iPhone to Android RCS is not encrypted, Android to Android is .
    Reply
  • spARTacus
    mustang7757 said:
    iPhone to Android RCS is not encrypted, Android to Android is .
    You mean not "end to end" (user to user) encrypted, correct?

    From what I understand, the exchanges between app/client and carrier RCS servers is encrypted (or at least is for the Google Messages app).

    Edit: ...and apparently, some carriers may also actually be using Google RCS servers as opposed to their own RCS servers (meaning for those there may also be another risk reduction in terms of what is being stated as "no security" for RCS).
    Reply
  • mustang7757
    spARTacus said:
    You mean not "end to end" (user to user) encrypted, correct?

    From what I understand, the exchanges between app/client and carrier RCS servers is encrypted (or at least is for the Google Messages app).

    Edit: ...and apparently, some carriers may also actually be using Google RCS servers as opposed to their own RCS servers (meaning for those there may also be another risk reduction in terms of what is being stated as "no security" for RCS).


    Yeah user to user between iPhone and Google messages
    Reply
  • gartysparty
    BaritoneGuy said:
    Absolute nonsense. Google hacked the spec to do encryption. All encrypted RCS must pass through Google infrastructure. Do you really think Apple would go for this?

    You are right about China being the final impetus for RCS which would require the messages to NOT pass through Google stuff as they don’t operate there.

    Instead why don’t the folks push the RCS standards people to adopt encryption as part of the standard.
    It's to Apple's benefit to drag out the RCS encryption as long as possible, which is to wait for the GSMA to update the standard. There's no good reason to not adopt compatibility with Google's RCS version other than their preference to drag out the security advantages of iMessage as long as possible.

    Did you know that Apple uses google cloud services for part of it's iCloud infrastructure and has since 2018? It's very easy to find sources about that on the internet. Apple is not above using Google to host services. Don't let your bias for Google's ad business get in the way of your understanding of how secure and popular their cloud services are.
    Reply