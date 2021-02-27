



There are serious issues affecting hundreds of millions of Android users around the world. It was supposed to be flagged by a huge backlash that suddenly hit WhatsApp in January. But even if it endangered you and your personal information, it received surprisingly little attention. Here’s what you need to know.

Android messages have a serious security issue.

Getty

Good news for this week’s Android message users. After a while, you can now schedule the text to be sent automatically. This will improve the way you communicate and keep you in touch. According to Google, 500 million people around the world use messages to contact family and friends seamlessly and securely every month. It seems seamlessly. But safely? It may not be.

From almost nowhere, 2021 has been the focus of lagging behind and welcoming security and privacy, or lack of it, in the messaging apps we all use on a daily basis. WhatsApp has been blamed for its wide range of data collection and back-end links to its owner’s Facebook. Messenger has been taken out due to various security and privacy breaches. And iMessage is praised for its further advances in protecting Apple’s user base.

One of the platforms that seems to have escaped this attention is Google’s Android Messages. This is amazing given the hundreds of millions of users. For Android users, this may be the default. If not, if you are a Samsung message user, read that these serious issues affect exactly the same.

Android messages, Samsung messages, and their equivalents are just SMS clients and are currently being upgraded to Rich Communication Services or RCS basic SMS for the 21st century. If you read this column regularly, you will know that SMS fails gloomy when it comes to protecting your data. If you naturally expect RCS to fix this issue, think again. Out-of-box RCS isn’t as secure as SMS.

When Google accelerated RCS deployment in 2019, German SR Labs upgraded SMS to RCS without rethinking security, exposing most mobile users to hacking and sufficient RCS provisioning on many networks. It warned that a hacker could completely hijack a user account because it is not protected. Also, Google Messages does not implement sufficient domain and certificate validation, allowing hackers to intercept and manipulate communications via DNS spoofing attacks.

Perhaps you already have an RCS chat update for the Android messaging app, or you have features on Samsung’s own platform. The use of Google’s messaging app is backed by a Google platform separate from the carrier, so you can move to RCS. Samsung’s deployment is more patched, but if you don’t have one yet, it’s on the way. It’s easy to tell if your phone has RCS and it unlocks more features than SMS. However, while RCS may look like iMessage or WhatsApp, it’s not.

The problem is message security. We cannot escape the fierce debate over end-to-end encryption. After all, it was WhatsApps’ defense against recent backlash. WhatsApp goes a step further this week, confirming that if the app doesn’t provide end-to-end encryption by default, some of its competitors are trying to escape by claiming they can’t see people’s messages. It warns that tens of millions of users have stopped the alternative. They can read your message.

On the surface, this is an attack on Telegram, which (ironically) fails end-to-end encryption of messages by default, even though it claims security as one of its main benefits. Notorious for that. But the same crypto criticism applies not only to Facebook Messenger, but also to Android messages (and Samsung messages), regardless of whether the app has been updated to RCS. Given the backlash, I’ve seen a tech site proposing Android messages instead of WhatsApp. This is very bad advice.

Fans of Android messages point out that Google has added the long-awaited end-to-end encryption to its RCS messaging platform. Currently in beta. However, this has too many warnings to recommend its use. First, only the beta version. This means that you and the people you chat with must be registered and used in the beta program. More seriously, end-to-end encryption in Android messages is of the same limited type as Telegram.

Like Telegram, Google’s RCS end-to-end encryption works only between two individuals, groups don’t, and only one device per person. This is basic and is not close to the level of security provided by Apple’s iMessage, Signal and WhatsApp. Both of the latter two, of course, are available for Android and are far superior to RCS. You can also make Signal the default messaging app.

Before Google released the end-to-end encrypted beta, we asked if it addressed any of the flagged RCS security issues. They did not respond. Subsequent crypto betas are too restrictive to solve the problem. Also, if Google’s RCS shifts traffic from the network system, its security is better than Facebook Senger, whose data is exposed to the platform.

As Google says, Google’s chat feature uses Transport Layer Security (TLS) encryption to protect your messages. This means that if you try to intercept a message between you and Google, you will only see encrypted, unreadable text. Google, however, can see everything. This is the main criticism leveled in Facebook Messenger. There is no difference here either.

FORBESD Details Don’t lose WhatsApp for 7 days-change this important setting now ByZakDoffman

It’s important for Android message users to understand these differences WhatsApps The debate over privacy (or lack of it) is how difficult it is for many users to understand the security differences between the different apps offered. Is emphasized. And the idea that users may quit WhatsApp for Android or Samsung Messages is a big step backwards. That said, tens of millions of people are reported to be flocking to Telegram, which is a bit better from a security standpoint. I have previously warned about this.

Besides encryption, there is another reason to quit the Google Messages app. The WhatsApp backlash was initially triggered by Apple’s privacy label, requiring app developers to disclose the data they collected from users. It quickly became clear that WhatsApp was quite different from peersSignal, iMessage and Telegram.

When it comes to world-leading data harvesters, Google is often grouped with Facebook. You can’t see the privacy label on your Android message, but obviously there’s no iOS app, but you can look into Gmail to understand Google’s data collection policy and compare it to Apple’s equivalent policy. Not surprisingly, it’s pretty terrible.

Google Gmail vs Apple Mail

“Privacy Label” on the Apple App Store

Now let’s get back to the WhatsApps warning. If the message is not end-to-end encrypted, it means that the platform can read the message. For example, we know that Facebook reads messenger content to monitor policy violations. Google can do the same. When the message goes through the RCS platform, the message is encrypted between the mobile phone and Google, but not end-to-end. And Google has the key to that encryption.

It’s as no-no as Facebook Messenger until Google’s RCS provides end-to-end encryption by default and can provide that level of security and 1: 1 messaging to groups. And Samsung’s alternative is exactly the same.

So what should you do? You should stop using these apps and choose end-to-end encryption instead. WhatsApp is (ironically) a much better option, despite Facebook’s presence in the background. Otherwise, if Android users don’t have access to iMessage (which has the best security architecture of all), then you should choose Signal with the best safety options with a rapidly expanding user base. there is.

