2 min Security

Google Messages criticized for lack of full encryption

Google Messages criticized for lack of full encryption

Google Messages’ use of E2EE (end-to-end encryption) for messages and calls is causing confusion among users and criticism in media outlets. The encryption appears to be far less advanced than Google itself indicates.

Information on the Google Messages website suggests that messages are encrypted. According to the blogger Darinfireball.net, this is not true. Google Messages uses E2EE, but only via RCS (Rich Communication Services, the successor to SMS) and only if all participants in the conversation are using a recent version of Google Messages.

The “report card” section of the Play Store page further states: Data is encrypted during transfer. Your data is transferred over a secure connection“.

Messages are often not encrypted

However, this is not always the case. Depending on who you communicate with—iPhone users, Android users with old devices, or Android users using other text messaging apps—chances are most messages are not secure.

E2EE between Google Messages users and Android phones that support RCS is completely seamless and automatic. However, E2EE is never available for SMS. It is also never available if a participant in the chat uses an RCS client (on Android or Apple Messages) other than Google Messages.

There are also complaints that Google Voice does not support RCS at all. Google itself encourages this, though it doesn’t seem to have adopted it in its own services fully.

Unclear display

Additionally, users notice that Google Messages gives all RCS message bubbles the same colors (dark blue with white text). SMS messages are light blue with black text. Google Messages does show a small lock icon in the timeline to indicate when an RCS chat is secure, and they also place a lock badge on the airplane icon of the send button, so there are visual indications of whether an RCS chat is encrypted.

But because the colors of the message bubbles are the same for all RCS chats, the difference is subtle and not immediately obvious, as with Apple Messages. There, green means “SMS or RCS, never encrypted,” and blue means “iMessage, always encrypted.”

Also read: These encryptions are set to survive the quantum revolution