iPhone-Android RCS Conversations Are End-To-End Encrypted In iOS 26.5 (macrumors.com) 26
Apple says end-to-end encryption for RCS messages between iPhone and Android is now available in iOS 26.5, though the feature is still considered beta and depends on carrier support on both sides. MacRumors reports: Apple says that it worked with Google to lead a cross-industry effort to add E2EE to RCS. iOS users will need iOS 26.5, while Android users will need the latest version of Google Messages. End-to-end encryption is on by default, and there is a toggle for it in the Messages section of the Settings app. Encrypted messages are denoted with a small lock symbol. On iPhones not running iOS 26.5, RCS messages between iPhone and Android users do not have E2EE, but the new update will put Android to iPhone conversations on par with iPhone to iPhone conversations that are encrypted through iMessage.
Along with Google, Apple worked with the GSM Association to implement E2EE for RCS messages. E2EE is part of the RCS Universal Profile 3.0, published with Apple's help and built on the Messaging Layer Security protocol. RCS Universal Profile 3.0 also includes editing and deleting messages, cross-platform Tapback support, and replying to specific messages inline during cross-platform conversations.
Along with Google, Apple worked with the GSM Association to implement E2EE for RCS messages. E2EE is part of the RCS Universal Profile 3.0, published with Apple's help and built on the Messaging Layer Security protocol. RCS Universal Profile 3.0 also includes editing and deleting messages, cross-platform Tapback support, and replying to specific messages inline during cross-platform conversations.
Not that useful (Score:1)
Re: (Score:3)
So? Content is critical, everything is just plausible deniability. If you're concerned about someone knowing that you texted someone to the point where you're afraid even if they have no idea of the content of the message then get a burner phone.
Re: (Score:3)
That still brings the question which problem is RCS trying to solve? And why do we want carriers to have control on text messages sent between two people?
SMS/MMS and RCS all suck. Less than single-platform solutions like iMessage, but still suck as long as carriers have control on it (I can't just create my own RCS server and use it to communicate with my contacts) and is based on a phone number (again, which is region-locked and controlled by the carrier).
Good messaging solutions work on any internet-conne
Re: (Score:2)
That still brings the question which problem is RCS trying to solve?
Everything not described in my edge case. Just because someone knows that you texted your friend at 2pm today doesn't mean you want them to know that you were arranging a gay romp in the forest
And why do we want carriers to have control on text messages sent between two people?
The key there is in the 6th word of the sentence. You know what the carrier is right? It's someone who shuffles something from A to B. You don't want it, but you may need it if you haven't setup an alternate form of communication.
SMS/MMS and RCS all suck.
Yes the only thing worse is not being able to talk at all. iMessage is great, doesn't wor
Re: (Score:2)
Well SMS/RCS doesn't work with the phone number on my business card either because it's an office landline/voip. So it's no better than the other application you criticize as not being universal enough.
Good messaging systems work. Period. SMS/MMS and RCS often work when your internet doesn't, even on insanely congested networks.
I rather not have the carrier in control, and not have a protocol depending on a phone number which I don't own, rather than have something that will work the 0.001% of the time where my Internet is too congested to send a simple message. Also I don't think RCS works any better as it uses the data connection,
Re: (Score:3)
So? Content is critical, everything is just plausible deniability. If you're concerned about someone knowing that you texted someone to the point where you're afraid even if they have no idea of the content of the message then get a burner phone.
Metadata can absolutely tell a story, we learned that from Edward Snowden. Consider the following:
Girl takes 5 minute call from fertility clinic.
Girl makes one hour call to mother.
Girl makes 10 minute call to boyfriend.
Girl does not accept any more calls from boyfriend.
Sure there's missing details, but it paints a picture.
Re: Not that useful (Score:1)
Significant (Score:2)
When it's known that there is state-level actors listening across on the wire, end-to-end encryption is a pretty significant step forward, even if it took basically a decade to get here.
Apple's driving consumer behavior on the exclusive "blue bubble" while fighting the adoption of good standards always seemed like 90's Microsoft behavior to me.
Re: (Score:2)
Apple's driving consumer behavior on the exclusive "blue bubble" while fighting the adoption of good standards always seemed like 90's Microsoft behavior to me.
Well, it wasn't just Apple. Google was cynically playing that tune on repeat for marketing purposes - while not letting anyone on Android who wasn't using Google's own apps to encrypt RCS either.
Re: (Score:2)
RCS isn't a good standard. It was so crappy that Google essentially bought it, added the minimum necessary to turn it into an acceptable messaging platform and made their proprietary version (as opposed to the original GSM's proprietary version) their messaging platform. Er, their fourth (fifth?) messaging platform.
and the question everyone is asking is (Score:3)
does anyone (govt etc) have back-door access to it?
It seems that lately governments are "insisting" on back-doors into user-encryption, going so far as to bar sales of products to their citizens that they can't just look at anytime they feel like it.
We need to read your texts to stop Terrorism! and Think of the Children!
Re:and the question everyone is asking is (Score:5, Interesting)
So the most trust is on the messaging app and if the app is bad, then the E2E implementation is moot anyways when they control an end. But with it not being post-quantum yet, there's still the risk of collect and store until quantum computers get good enough to crack. And if your data is "state-actor shouldn't see" level confidential, then sending as a standard text probably isn't the right choice since the metadata is visible.
Re: (Score:1)
Re: (Score:2)
These are such BS marketing fluff. It's been decades and IBM shut down their fun little Cloud Quantum experiment where regular people could run simple little sets of gates.
The record for quantum computer size seems to be 6,000 qbits right now, but they can only be held together for a few seconds at most. I don't think quantum computers will become a reality any time soon, and there is still a considerable debate on if some of these more advanced quantum gate based algorithms can
Re: (Score:3)
Re: (Score:2)
Let me know when there's an RFC or protocol that eliminates human stupidity.
Well we objectively had less stupidity back when we had DEI hires instead of DUI hires.
Re: (Score:2)
Let me know when there's an RFC or protocol that eliminates human stupidity.
"Two things are infinite: the universe and human stupidity; and I'm not sure about the universe" - Einstein
Re: and the question everyone is asking is (Score:1)
Re: (Score:2)
Re: (Score:2)
It's worth figuring out what your threat model is. There probably are ways that some government agencies can get into iPhones or decrypt these messages, and they probably are collecting all the encrypted data in case quantum computers can decrypt it later.
But are they going to waste any of that on you? Unless you are a high value target for them, and unless they intend to avoid any judicial process where their capabilities might become public, they probably aren't going to use their best tools to help the l
Re: (Score:2)
Is it truly E2EE if it requires carrier support?
As I understand it, the carrier has to carry the encryption request across its network to the target phone carriers network which passes it along to the target device, and then carry all the agreements to encrypt back along the path to the originating device. In the US, it would appear most (all?) of the major carriers do support that capability, but of course not all phones may currently support encryption. Once both ends agree/accept, one can establish E2EE.
Anyone have an E2EE over SMS protocol? (Score:1)
In principle, I can send your phone arbitrary unlimited data using just SMS, subject only to rate-limiting and management of dropped, delayed, or out-of-order SMS messages.
If I have your public key, I can send it to you encrypted.
In practice, I don't know if such a thing exists.
Re: (Score:2)
OTR might be small enough.
The Axolotl Ratchet is much better but perhaps too big for SMS.
TextSecure probably would have offered it were that feasible.
Of course if you can arrange one-time pads you're 1:1 at 140 characters.