Friday, April 20, 2018

Google’s support of RCS without end-to-end encryption is irresponsible

Dieter Bohn from The Verge has an exclusive look at Google’s upcoming ‘Chat’ app and its use of Rich Communication Services (RCS). Together, they are the company’s latest attempt to solve the dumpster fire that is text messaging on Android.

RCS is a protocol backed by wireless carriers, and Google is the latest enabler. Here’s why I think it’s irresponsible.

Chat app and Rich Communication Services

Dieter:

Now, the company is doing something different. Instead of bringing a better app to the table, it’s trying to change the rules of the texting game, on a global scale. Google has been quietly corralling every major cellphone carrier on the planet into adopting technology to replace SMS. It’s going to be called “Chat,” and it’s based on a standard called the “Universal Profile for Rich Communication Services.” SMS is the default that everybody has to fall back to, and so Google’s goal is to make that default texting experience on an Android phone as good as other modern messaging apps.

Maybe the app will have more feature parity with iMessage, and that would be great for Android users. But what good is it when you factor in the following?

  1. The traffic path is no different than SMS. It goes phone > carrier > phone. We all know how much carriers love our data, and how easily it can be accessed or even subpoenaed.
  2. Also like SMS, RCS traffic is not encrypted end-to-end.

The above points are the largest problems with all of this. In a day and age where data breaches and the selling or mishandling of personal data are sadly commonplace, unencrypted traffic is simply irresponsible. Public awareness of security and privacy are more at the forefront and can only increase.

Why not replicate iMessage?

As Dieter talks about, Google also has self-imposed limitations because of Android’s openness. You see, they won’t go all in on a purely in-house messaging service (like iMessage), because every text would have to route through them. In essence, Google isn’t empowered to replicate iMessage because they share the Android ecosystem. Whereas Apple is the Apple ecosystem.

One of the major complaints about Apple is how closed off they are. Apparent here, the benefit is tighter integration within their ecosystem of apps, services, and hardware.

Dieter also thinks Apple will adopt RCS, but I don’t see them backing it for a couple reasons:

  1. Aside from lackluster encryption, it competes too directly with iMessage on a feature level.
  2. iMessage is a huge reason people don’t switch to Android.
  3. The entire protocol would have to be encrypted end-to-end and supported by all other manufacturers and their messaging apps. Sure, Apple supports (unencrypted) SMS right now, but only out of necessity and precedence.

I don’t see Apple replacing SMS or introducing RCS simply for the sake of iMessage-like features without the security.

If anything, this further cements iMessage as the texting king.

Update for clarity: my case is essentially for end-to-end encryption, so I made a couple small edits to make it clearer.