Wednesday, 02 September 2020 05:07

Why you should stop sending texts from your Android messages app

Rate this item
(0 votes)

Zak Doffman

If there’s a glaring issue with a widely used technology now undergoing a major upgrade, you’d think the glaring issue would be fixed. Well, apparently not. If you’re an Android user, then Google either just has or is just about to update your device’s Messages app with its answer to Apple’s brilliant iMessage. Dubbed RCS or Rich Communication Services, this will update your phone’s basic default messenger into a fully-featured chat platform to compete with iMessage as well as WhatsApp and Facebook Messenger.

Messaging has become a battlefield, with Apple and Google battling Facebook (both Messenger and WhatsApp) to be the go-to platform on your phone. There are few stickier apps than the one you use to chat with friends, family and colleagues. And as new functionality becomes more commercial—ticketing, coupons, purchases, transfers and ads, this becomes a real money-spinner.

As reported this week, ever more countries are becoming RCS enabled—recent updates have appeared in Argentina, Chile, Denmark, Italy, Norway, Pakistan, Poland, Portugal and Singapore. Although RCS is being deployed by carriers around the world, it is Google driving the rollout—it needs to level the playing field with Apple. RCS is the long-awaited upgrade to the standard SMS capability built into our phones. SMS is a basic tech that’s really best avoided—and unfortunately RCS hasn’t fixed one of its most critical issues.

Putting animated stickers and easy-to-reach GIFs to one side, messaging comes down to a balancing act between functionality, security and install base: The install base across the platforms from BigTech—Facebook Messenger, WhatsApp, iMessage and Google Messages is clearly good—albeit Facebook requires an “over-the-top” service, rather than the fallback to network SMS used by Apple and Google. Functionality is good across the board and getting better all the time. But on the security front, there’s still a major difference.

The original and still most universal global messaging platform is SMS—the standard text messenger available on GSM phones. Both Apple and Google use SMS as a fallback for those without iMessage, where Apple is concerned, or without the upgraded chat functions offered by Google, which are built around that new RCS tech. But RCS is not an iMessage equivalent—it’s completely different and has a glaring issue. Android users should turn to WhatsApp or Signal instead of using Android’s Messages app.

When you send an SMS, the data is encrypted between your phone and the cell tower—it can’t easily be intercepted over the air, as such. But that’s simple network security. Once the SMS has disappeared into the network, it is open to interception. And given we text people on different networks and in different countries, your SMS can travel across a hotchpotch of different network servers and systems. You can see the issue. Last year, I reported on a Chinese cyberattack on global carriers pulling SMS from senders and recipients at will.

Back in 2016, WhatsApp fixed this by defaulting to what’s called end-to-end encryption. Many reading this will know exactly what this means—but a surprising number of users are still unaware of the differences. What it means, put simply, is that the message is secured with only the sender and the recipient holding the decryption key. No-one—including the network and WhatsApp—can see what you have sent. iMessage does exactly the same—as long as it’s that blue bubble, once you go green and SMS, then all bets are off.

You can see the issue. Google has decided to adopt an updated SMS architecture, to work with the carriers rather than providing Android with an “over the top” equivalent to iMessage. Your message is encrypted between your phone and Google’s servers, but that message can be decrypted en route—you’re not the only one with the key. And if the message links in with other RCS deployments, then it’s as unsecured as an SMS. You can control when iMessage uses SMS—you don’t have that easy flexibility with Google Messages’ use of RCS. As Google says, “if your chat features are provided by Google, but your recipient’s RCS service is with another provider, your messages are routed through Google’s RCS backend and then routed to your recipient's RCS backend.”

Last year, Germany’s SRLabs warned that deploying RCS as an SMS upgrade without a new approach to security “exposes most mobile users to hacking.” The researchers warned that the way in which Google and the carriers were deploying RCS would open users to impersonation—mimicking the number and IP address of a device, interception and tracking. RCS provisioning “is badly protected in many networks,” the team said, “allowing hackers to fully take over user accounts.” And Google Messages “does not implement sufficient domain and certificate validation, enabling hackers to intercept and manipulate communication through a DNS spoofing attack.”

I asked Google whether it has addressed any of the security issues raised by SRLabs—there has been no response as yet.

The technical details don’t especially matter here. The fact is that either your messages are end-to-end encrypted or they’re not. And while you probably think that most of your messages don’t warrant security, we all send financial details, contact details and other sensitive information over messengers. We use messengers to chat with work colleagues. We expect they’re secure from prying eyes.

As Google explains, its security focuses on the connection between you and Google, not what happens after that: “Chat features by Google uses Transport Layer Security (TLS) encryption to protect your messages. This means that anyone trying to intercept messages between you and Google would only be able to see encrypted, unreadable text... RCS is an industry standard for operator messaging. This means that messaging apps that support RCS standard, like Samsung Messages, may connect to chat features by Google.”

Facebook and WhatsApp have both warned that end-to-end encryption is a necessary security measure to stop content “falling into the wrong hands,” Facebook even advocates the secret messages feature in its own Messenger to “mitigate the compromise of server and networking infrastructure used by Messenger—Facebook’s included.” Messenger isn’t end-to-end encrypted by default, and users should switch to WhatsApp. RCS is even worse—at least Facebook is a single provider and doesn’t push content outside its own control.

Google is reportedly developing an end-to-end encryption upgrade for its RCS deployment—and when that’s done, this advice will change and Android users will have an iMessage alternative. Until then, though, I strongly advise you to ensure your go-to messenger is fully encrypted. WhatsApp is likely your best option—it’s ubiquitous and has all the features you need. It’s also due a bunch of feature upgrades, including multiple linked devices, which will make it even better. But if you balk at the idea of Facebook accessing your data—albeit I’m not sure Google is a much better option—then go for Signal, the all round best messenger available today.

 

Forbes

November 22, 2024

All good leaders have this mindset, no matter their background

David G. Ewing In today’s tech-driven business world, the ability to navigate technological challenges isn’t…
November 22, 2024

Tinubu’s borrowing spree retuning Nigeria back into debt peonage - Atiku

Former Vice President Atiku Abubakar has criticized the President Bola Tinubu-led administration for the increasing…
November 18, 2024

The magic and the minefield of confidence: Self doubt, hubris and everything in between - The Economist

Confidence is contagious. Someone declaring a position with ringing certainty is more likely to inspire…
November 16, 2024

Influencer eats pig feed in extreme attempt to save money

Popular Douyin streamer Kong Yufeng recently sparked controversy in China by eating pig feed on…
November 22, 2024

FG excited as pro-Biafra agitator Simon Ekpa arrested in Finland on terrorism charges

Simon Ekpa, the controversial leader of the pro-Biafra faction Autopilot, was arrested by Finnish authorities…
November 22, 2024

Here’s the latest as Israel-Hamas war enters Day 413

ICC issues arrest warrants for Israel's Netanyahu, Gallant and Hamas leader The International Criminal Court…
November 21, 2024

Nigeria comes top in instant payment system inclusivity index in Africa

Nigeria’s instant payment system is projected to advance to the maturity inclusion spectrum ahead of…
October 27, 2024

Nigeria awarded 3-0 win over Libya after airport fiasco

Nigeria have been awarded a 3-0 victory over Libya, and three vital points, from their…

NEWSSCROLL TEAM: 'Sina Kawonise: Publisher/Editor-in-Chief; Prof Wale Are Olaitan: Editorial Consultant; Femi Kawonise: Head, Production & Administration; Afolabi Ajibola: IT Manager;
Contact Us: [email protected] Tel/WhatsApp: +234 811 395 4049

Copyright © 2015 - 2024 NewsScroll. All rights reserved.