New government warning hits Google Messages users
As the implications of Chinese hacking attacks on America’s telco networks continues to reverberate across the tech sector, there has been user confusion as to what is secure and what is not. Nowhere is that more confusing than with the way Android and iPhone devices connect to one another through their stock messaging apps.
Google has been on a mission to drive seamless, cross-platform messaging, finally winning its battle with Apple to push the iMaker into adopting RCS. But that doesn’t match the security provided by over-the-top messengers like Signal, WhatsApp and even Facebook Messenger. This has now come home to bite.
Google Messages users, CISA has just warned, should “only use RCS if end-to-end encryption is enabled. If all participants are using Google Messages, your conversation will use end-to-end encryption.” And if they’re not, then it isn’t. That means if you’re messaging an iPhone, or vice versa, you need to use something else.
The issue was implied when the FBI and CISA warned Americans to use encrypted platforms where they could for messaging and even voice/video calls. But now that has been spelled out in absolute clarity. The U.S. cyber agency “recommends an end-to-end encrypted messaging app that is compatible with both iPhone and Android operating systems, allowing for text message interoperability across platforms.”
Ideally, such apps provide clients for desktop platforms and the web. CISA also says “these apps typically support one-on-one text chats, group chats with up to 1,000 participants, and encrypted voice and video calls. Additionally, they may include features like disappearing messages and images, which can enhance privacy.”
CISA calls out Signal as one such app, which is notably smaller than market-leader WhatsApp. But the agency also says “when selecting an end-to-end encrypted messaging app, evaluate the extent to which the app and associated services collect and store metadata,” which might explain why. META-owned WhatsApp collects significantly more metadata than Signal,
There’s nothing new here for Apple users. It’s impossible to use iMessage without knowing what’s secure and what’s not—blue bubbles versus green bubbles. But it’s harder with Google messages, which blurs the fact that it isn’t RCS.that’s secured, but Google’s own deployment within Google Messages. Even messaging within the Android ecosystem from Google Messages to another app is not fully secure.
While CISA seemingly recommends Signal, WhatsApp is also fine for daily use, albeit you need to bear metadata capture in mind. Meanwhile we await the promised RCS update that will add end-to-end encryption into the mix, changing this advice. But we’ve just been warned this is months away at the earliest—so use something else.
