I don’t see what this has to do with the carriers, are they trying to stay relevant?
Apple should just add RCS to SMS as the fall-back option in iMessage.
So here is the logic for iMessage users: 1.) If you are an iPhone iMessage user and you try to chat/message a non-iMessage phone number it currently falls back to your carrier.
2.) Say your carrier is AT&T and you have an RCS capable phone, AT&T then checks to see if the phone number you are calling is an AT&T RCS number and if so, it will initiate a carrier chat. Apple shouldn’t care! 3.) Eventually when AT&T successfully implements cross-carrier persistent RCS with other carriers you will be able to chat with anyone on those other carriers. Apple shouldn’t care!
So how is it end-to-end encrypted if I type a message and Apple hands it off without encryption to the carrier?
As it stands right now SMS is not encrypted, but in my example RCS will be encrypted between AT&T users. What we don’t know is what will happen between carriers in the future?
Right, but RCS is supposed to be "the future" and fix all of the problems with SMS (including end-to-end encryption). For there to be true end-to-end encryption, your iPhone needs to have the ability to encrypt everything before it's sent out. Which would mean that Apple does need to care (add support for encrypting messages sent via RCS). The Wikipedia article discusses why this could be a problem for carriers:
Amnesty International researcher Joe Westby criticized RCS for not allowing end-to-end encryption, because it is treated as a service of carriers and thus subject to lawful interception.
Ah, I was wondering why this spec had such an obvious security flaw: it’s deliberate.
"Interception" will only get a garbled result when only two devices hold the decryption key: You and your recipient. See the previous post.
When I got my first iPhone in 2008, it's also when I first started using SMS.
My carrier had software that I could install on my Mac and I was BLOWN AWAY that they were storing all of my SMS conversations going back since the beginning! 🧐🤨😒😩
Once upon a time you were almost certainly correct but there are signs pointing to the opposite being true now, at least minimally that both platforms are pretty equally secure today compared to just a few years ago.
It doesn't matter much if something is a target if the ammo can't hit it.
I don’t see what this has to do with the carriers, are they trying to stay relevant?
Apple should just add RCS to SMS as the fall-back option in iMessage.
So here is the logic for iMessage users: 1.) If you are an iPhone iMessage user and you try to chat/message a non-iMessage phone number it currently falls back to your carrier.
2.) Say your carrier is AT&T and you have an RCS capable phone, AT&T then checks to see if the phone number you are calling is an AT&T RCS number and if so, it will initiate a carrier chat. Apple shouldn’t care! 3.) Eventually when AT&T successfully implements cross-carrier persistent RCS with other carriers you will be able to chat with anyone on those other carriers. Apple shouldn’t care!
So how is it end-to-end encrypted if I type a message and Apple hands it off without encryption to the carrier?
As it stands right now SMS is not encrypted, but in my example RCS will be encrypted between AT&T users. What we don’t know is what will happen between carriers in the future?
Right, but RCS is supposed to be "the future" and fix all of the problems with SMS (including end-to-end encryption). For there to be true end-to-end encryption, your iPhone needs to have the ability to encrypt everything before it's sent out. Which would mean that Apple does need to care (add support for encrypting messages sent via RCS). The Wikipedia article discusses why this could be a problem for carriers:
Amnesty International researcher Joe Westby criticized RCS for not allowing end-to-end encryption, because it is treated as a service of carriers and thus subject to lawful interception.
How end-to-end (RCS) encryption works
When you use the Messages app to send end-to-end encrypted messages, all chats, including their text and any files or media, are encrypted as the data travels between devices. Encryption converts data into scrambled text. The unreadable text can only be decoded with a secret key.
There's also this part in that same support document:
To use end-to-end encryption in Messages, you and the person you message must both:
Use the Messages app.
Have chat features enabled.
Use data or Wi-Fi for Rich Communications Services (RCS) messages.
"Use data" is very confusing. My interpretation is that, if you're not on Wi-Fi (only have a cellular connection), then RCS is only end-to-end encrypted when sending things which are pure data (messages, images, etc). Not voice calls. But that's unclear.
I don’t see what this has to do with the carriers, are they trying to stay relevant?
Apple should just add RCS to SMS as the fall-back option in iMessage.
So here is the logic for iMessage users: 1.) If you are an iPhone iMessage user and you try to chat/message a non-iMessage phone number it currently falls back to your carrier.
2.) Say your carrier is AT&T and you have an RCS capable phone, AT&T then checks to see if the phone number you are calling is an AT&T RCS number and if so, it will initiate a carrier chat. Apple shouldn’t care! 3.) Eventually when AT&T successfully implements cross-carrier persistent RCS with other carriers you will be able to chat with anyone on those other carriers. Apple shouldn’t care!
So how is it end-to-end encrypted if I type a message and Apple hands it off without encryption to the carrier?
As it stands right now SMS is not encrypted, but in my example RCS will be encrypted between AT&T users. What we don’t know is what will happen between carriers in the future?
Right, but RCS is supposed to be "the future" and fix all of the problems with SMS (including end-to-end encryption). For there to be true end-to-end encryption, your iPhone needs to have the ability to encrypt everything before it's sent out. Which would mean that Apple does need to care (add support for encrypting messages sent via RCS). The Wikipedia article discusses why this could be a problem for carriers:
Amnesty International researcher Joe Westby criticized RCS for not allowing end-to-end encryption, because it is treated as a service of carriers and thus subject to lawful interception.
How end-to-end (RCS) encryption works
When you use the Messages app to send end-to-end encrypted messages, all chats, including their text and any files or media, are encrypted as the data travels between devices. Encryption converts data into scrambled text. The unreadable text can only be decoded with a secret key.
There's also this part in that same support document:
To use end-to-end encryption in Messages, you and the person you message must both:
Use the Messages app.
Have chat features enabled.
Use data or Wi-Fi for Rich Communications Services (RCS) messages.
"Use data" is very confusing. My interpretation is that, if you're not on Wi-Fi (only have a cellular connection), then RCS is only end-to-end encrypted when sending things which are pure data (messages, images, etc). Not voice calls. But that's unclear.
I didn't think RCS involved voice calls.
Anyway, as far as I can tell from reading something other than a Wiki the security and privacy provided by Google's now-encrypted RCS is the equal of iMessage. There is no provision for a man in the middle, tho of some interest the Brits do have a way devised of becoming a "ghost-eavesdropper" in an iMessage conversation. Their method would not work for injecting themselves in a Google RCS message exchange since E2E encrypted RCS is only permitted between two people who have the only existing keys and not a group.
My guess is Google is totally aware of the possibility of being forced into letting another listener in a secured messaging session and is purposely removing it as doable, but quietly and under the radar rather than with fanfare. They did this when they secured cloud uploads with the keys existing only on the owners own device and in such a manner that not even Google could un-encrypt them. They put it in place late on a Friday and totally unannounced in advance, not even vetted with government authorities before doing it.
Just an observation: Your personal cloud data is far more secure from "authorities" or any other prying eyes on Android than it is with iOS. Google doesn't possess a key to it while Apple does, and therefore couldn't comply with a legal decryption order even if presented with one. In fairness Apple reportedly wanted to do the same with iCloud but didn't because IMHO they were a little too chatty, wanting to be far too vocal about it for likely competitive advantage reasons, and attracted the wrong type of feedback from law agencies.
I don’t see what this has to do with the carriers, are they trying to stay relevant?
Apple should just add RCS to SMS as the fall-back option in iMessage.
So here is the logic for iMessage users: 1.) If you are an iPhone iMessage user and you try to chat/message a non-iMessage phone number it currently falls back to your carrier.
2.) Say your carrier is AT&T and you have an RCS capable phone, AT&T then checks to see if the phone number you are calling is an AT&T RCS number and if so, it will initiate a carrier chat. Apple shouldn’t care! 3.) Eventually when AT&T successfully implements cross-carrier persistent RCS with other carriers you will be able to chat with anyone on those other carriers. Apple shouldn’t care!
So how is it end-to-end encrypted if I type a message and Apple hands it off without encryption to the carrier?
As it stands right now SMS is not encrypted, but in my example RCS will be encrypted between AT&T users. What we don’t know is what will happen between carriers in the future?
Right, but RCS is supposed to be "the future" and fix all of the problems with SMS (including end-to-end encryption). For there to be true end-to-end encryption, your iPhone needs to have the ability to encrypt everything before it's sent out. Which would mean that Apple does need to care (add support for encrypting messages sent via RCS). The Wikipedia article discusses why this could be a problem for carriers:
Amnesty International researcher Joe Westby criticized RCS for not allowing end-to-end encryption, because it is treated as a service of carriers and thus subject to lawful interception.
How end-to-end (RCS) encryption works
When you use the Messages app to send end-to-end encrypted messages, all chats, including their text and any files or media, are encrypted as the data travels between devices. Encryption converts data into scrambled text. The unreadable text can only be decoded with a secret key.
There's also this part in that same support document:
To use end-to-end encryption in Messages, you and the person you message must both:
Use the Messages app.
Have chat features enabled.
Use data or Wi-Fi for Rich Communications Services (RCS) messages.
"Use data" is very confusing. My interpretation is that, if you're not on Wi-Fi (only have a cellular connection), then RCS is only end-to-end encrypted when sending things which are pure data (messages, images, etc). Not voice calls. But that's unclear.
I didn't think RCS involved voice calls.
From the Wikipedia article about RCS which I posted earlier:
Release 5 Version 1.0 (19.04.2012)
. . .
IP Voice call (IR92 and IR.58)
IP Video call (IR.94)
While we're only talking about text messages here, the 'C' in RCS encompasses much more than that. And that's a big part of what makes Apple's solution so good: you get secure messaging (Messages) + IP voice & video calls (FaceTime). If the RCS group is aiming to win Apple over, they need to provide something which encompasses all of those. Which they have, in theory, but in practice it seems like different carriers have different levels of feature and encryption support.
Just an observation: Your personal cloud data is far more secure from "authorities" or any other prying eyes on Android than it is with iOS. Google doesn't possess a key to it while Apple does, and therefore couldn't comply with a legal decryption order even if presented with one. In fairness Apple reportedly wanted to do the same with iCloud but didn't because IMHO they were a little too chatty, wanting to be far too vocal about it for likely competitive advantage reasons, and attracted the wrong type of feedback from law agencies.
Have you even read Apple's security overview for iCloud services? The only thing Apple has the key to is the iCloud backup of your messages (as stated in that overview, along with the reason). If you turn off iCloud backup for Messages (as I have), then they don't have access to anything. Messages in iCloud is end-to-end encrypted.
As for "sneaking things in on a Friday afternoon", that's a joke right? If the government really wanted to, they could pass a law requiring a master decryption key. But they haven't, and so Apple is under no obligation to do it (same as Google).
If you're going to take others to task for reading the details of Google's technology before making statements, you might want to do the same.
I don’t see what this has to do with the carriers, are they trying to stay relevant?
Apple should just add RCS to SMS as the fall-back option in iMessage.
So here is the logic for iMessage users: 1.) If you are an iPhone iMessage user and you try to chat/message a non-iMessage phone number it currently falls back to your carrier.
2.) Say your carrier is AT&T and you have an RCS capable phone, AT&T then checks to see if the phone number you are calling is an AT&T RCS number and if so, it will initiate a carrier chat. Apple shouldn’t care! 3.) Eventually when AT&T successfully implements cross-carrier persistent RCS with other carriers you will be able to chat with anyone on those other carriers. Apple shouldn’t care!
So how is it end-to-end encrypted if I type a message and Apple hands it off without encryption to the carrier?
As it stands right now SMS is not encrypted, but in my example RCS will be encrypted between AT&T users. What we don’t know is what will happen between carriers in the future?
Right, but RCS is supposed to be "the future" and fix all of the problems with SMS (including end-to-end encryption). For there to be true end-to-end encryption, your iPhone needs to have the ability to encrypt everything before it's sent out. Which would mean that Apple does need to care (add support for encrypting messages sent via RCS). The Wikipedia article discusses why this could be a problem for carriers:
Amnesty International researcher Joe Westby criticized RCS for not allowing end-to-end encryption, because it is treated as a service of carriers and thus subject to lawful interception.
How end-to-end (RCS) encryption works
When you use the Messages app to send end-to-end encrypted messages, all chats, including their text and any files or media, are encrypted as the data travels between devices. Encryption converts data into scrambled text. The unreadable text can only be decoded with a secret key.
There's also this part in that same support document:
To use end-to-end encryption in Messages, you and the person you message must both:
Use the Messages app.
Have chat features enabled.
Use data or Wi-Fi for Rich Communications Services (RCS) messages.
"Use data" is very confusing. My interpretation is that, if you're not on Wi-Fi (only have a cellular connection), then RCS is only end-to-end encrypted when sending things which are pure data (messages, images, etc). Not voice calls. But that's unclear.
I didn't think RCS involved voice calls.
From the Wikipedia article about RCS which I posted earlier:
Release 5 Version 1.0 (19.04.2012)
. . .
IP Voice call (IR92 and IR.58)
IP Video call (IR.94)
While we're only talking about text messages here, the 'C' in RCS encompasses much more than that. And that's a big part of what makes Apple's solution so good: you get secure messaging (Messages) + IP voice & video calls (FaceTime). If the RCS group is aiming to win Apple over, they need to provide something which encompasses all of those. Which they have, in theory, but in practice it seems like different carriers have different levels of feature and encryption support.
Just an observation: Your personal cloud data is far more secure from "authorities" or any other prying eyes on Android than it is with iOS. Google doesn't possess a key to it while Apple does, and therefore couldn't comply with a legal decryption order even if presented with one. In fairness Apple reportedly wanted to do the same with iCloud but didn't because IMHO they were a little too chatty, wanting to be far too vocal about it for likely competitive advantage reasons, and attracted the wrong type of feedback from law agencies.
Have you even read Apple's security overview for iCloud services? The only thing Apple has the key to is the iCloud backup of your messages (as stated in that overview, along with the reason). If you turn off iCloud backup for Messages (as I have), then they don't have access to anything. Messages in iCloud is end-to-end encrypted.
As for "sneaking things in on a Friday afternoon", that's a joke right? If the government really wanted to, they could pass a law requiring a master decryption key. But they haven't, and so Apple is under no obligation to do it (same as Google).
If you're going to take others to task for reading the details of Google's technology before making statements, you might want to do the same.
I don’t see what this has to do with the carriers, are they trying to stay relevant?
Apple should just add RCS to SMS as the fall-back option in iMessage.
So here is the logic for iMessage users: 1.) If you are an iPhone iMessage user and you try to chat/message a non-iMessage phone number it currently falls back to your carrier.
2.) Say your carrier is AT&T and you have an RCS capable phone, AT&T then checks to see if the phone number you are calling is an AT&T RCS number and if so, it will initiate a carrier chat. Apple shouldn’t care! 3.) Eventually when AT&T successfully implements cross-carrier persistent RCS with other carriers you will be able to chat with anyone on those other carriers. Apple shouldn’t care!
So how is it end-to-end encrypted if I type a message and Apple hands it off without encryption to the carrier?
As it stands right now SMS is not encrypted, but in my example RCS will be encrypted between AT&T users. What we don’t know is what will happen between carriers in the future?
Right, but RCS is supposed to be "the future" and fix all of the problems with SMS (including end-to-end encryption). For there to be true end-to-end encryption, your iPhone needs to have the ability to encrypt everything before it's sent out. Which would mean that Apple does need to care (add support for encrypting messages sent via RCS). The Wikipedia article discusses why this could be a problem for carriers:
Amnesty International researcher Joe Westby criticized RCS for not allowing end-to-end encryption, because it is treated as a service of carriers and thus subject to lawful interception.
How end-to-end (RCS) encryption works
When you use the Messages app to send end-to-end encrypted messages, all chats, including their text and any files or media, are encrypted as the data travels between devices. Encryption converts data into scrambled text. The unreadable text can only be decoded with a secret key.
There's also this part in that same support document:
To use end-to-end encryption in Messages, you and the person you message must both:
Use the Messages app.
Have chat features enabled.
Use data or Wi-Fi for Rich Communications Services (RCS) messages.
"Use data" is very confusing. My interpretation is that, if you're not on Wi-Fi (only have a cellular connection), then RCS is only end-to-end encrypted when sending things which are pure data (messages, images, etc). Not voice calls. But that's unclear.
I didn't think RCS involved voice calls.
From the Wikipedia article about RCS which I posted earlier:
Release 5 Version 1.0 (19.04.2012)
. . .
IP Voice call (IR92 and IR.58)
IP Video call (IR.94)
While we're only talking about text messages here, the 'C' in RCS encompasses much more than that. And that's a big part of what makes Apple's solution so good: you get secure messaging (Messages) + IP voice & video calls (FaceTime). If the RCS group is aiming to win Apple over, they need to provide something which encompasses all of those. Which they have, in theory, but in practice it seems like different carriers have different levels of feature and encryption support.
Thanks for mentioning the voice component in RCS. I hadn't considered Facetime-like voice calling as having a connection with it. One of my "DUH!" moments.
That sent me looking, and I found an answer to your earlier question, whether that encryption extends to Duo (Google version of Facetime), just as Facetime is on my iPhone. Yes it's also E2E secured
"For Duo calls, end-to-end encryption means that a call’s data (its audio and video) is encrypted from your device to your contact’s device. The encrypted audio and video can only be decoded with a shared secret key.
This key:
Is a number that’s created on your device and the device you called. It exists only on those devices.
Isn’t shared with Google, anyone else, or other devices.
Disappears as soon as the call ends.
Even if someone gains access to the data for the call, they won’t understand it because they don’t have the key."
Comments
My carrier had software that I could install on my Mac and I was BLOWN AWAY that they were storing all of my SMS conversations going back since the beginning! 🧐🤨😒😩
Say no to whataboutism.
https://arstechnica.com/information-technology/2019/09/for-the-first-time-ever-android-0days-cost-more-than-ios-exploits/
Once upon a time you were almost certainly correct but there are signs pointing to the opposite being true now, at least minimally that both platforms are pretty equally secure today compared to just a few years ago.
It doesn't matter much if something is a target if the ammo can't hit it.
EDIT: The following links to an excellent report and discussion concerning zero-day exploits, and if/when to publically report them. Well worth considering the ethical and security implications. Sometimes things are not as simply black and white as we like to believe.
https://www.technologyreview.com/2021/03/26/1021318/google-security-shut-down-counter-terrorist-us-ally/
"Use data" is very confusing. My interpretation is that, if you're not on Wi-Fi (only have a cellular connection), then RCS is only end-to-end encrypted when sending things which are pure data (messages, images, etc). Not voice calls. But that's unclear.
Anyway, as far as I can tell from reading something other than a Wiki the security and privacy provided by Google's now-encrypted RCS is the equal of iMessage. There is no provision for a man in the middle, tho of some interest the Brits do have a way devised of becoming a "ghost-eavesdropper" in an iMessage conversation. Their method would not work for injecting themselves in a Google RCS message exchange since E2E encrypted RCS is only permitted between two people who have the only existing keys and not a group.
My guess is Google is totally aware of the possibility of being forced into letting another listener in a secured messaging session and is purposely removing it as doable, but quietly and under the radar rather than with fanfare. They did this when they secured cloud uploads with the keys existing only on the owners own device and in such a manner that not even Google could un-encrypt them. They put it in place late on a Friday and totally unannounced in advance, not even vetted with government authorities before doing it.
Just an observation: Your personal cloud data is far more secure from "authorities" or any other prying eyes on Android than it is with iOS. Google doesn't possess a key to it while Apple does, and therefore couldn't comply with a legal decryption order even if presented with one. In fairness Apple reportedly wanted to do the same with iCloud but didn't because IMHO they were a little too chatty, wanting to be far too vocal about it for likely competitive advantage reasons, and attracted the wrong type of feedback from law agencies.
Making quiet changes has its advantages.
While we're only talking about text messages here, the 'C' in RCS encompasses much more than that. And that's a big part of what makes Apple's solution so good: you get secure messaging (Messages) + IP voice & video calls (FaceTime). If the RCS group is aiming to win Apple over, they need to provide something which encompasses all of those. Which they have, in theory, but in practice it seems like different carriers have different levels of feature and encryption support.
Have you even read Apple's security overview for iCloud services? The only thing Apple has the key to is the iCloud backup of your messages (as stated in that overview, along with the reason). If you turn off iCloud backup for Messages (as I have), then they don't have access to anything. Messages in iCloud is end-to-end encrypted.
As for "sneaking things in on a Friday afternoon", that's a joke right? If the government really wanted to, they could pass a law requiring a master decryption key. But they haven't, and so Apple is under no obligation to do it (same as Google).
If you're going to take others to task for reading the details of Google's technology before making statements, you might want to do the same.
https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT
That sent me looking, and I found an answer to your earlier question, whether that encryption extends to Duo (Google version of Facetime), just as Facetime is on my iPhone. Yes it's also E2E secured
"For Duo calls, end-to-end encryption means that a call’s data (its audio and video) is encrypted from your device to your contact’s device. The encrypted audio and video can only be decoded with a shared secret key.
This key:
Even if someone gains access to the data for the call, they won’t understand it because they don’t have the key."
https://support.google.com/duo/answer/9280240?h