Should You Consider Discontinuing the Use of RCS on Your iPhone or Android Device?

Should You Consider Discontinuing the Use of RCS on Your iPhone or Android Device?

This year was supposed to see messaging becoming smoother, not more tangled. The arrival of RCS on iPhones hinted at exciting developments, we were informed, but then the FBI cautioned about hacked messages and everything shifted drastically. So, is it wise to abandon RCS?

RCS has a questionable reputation and lacks clarity. To put it plainly, RCS represents a new type of carrier messaging with advanced features. This upgrade to SMS incorporates the benefits we enjoy with IP messaging on apps like WhatsApp and iMessage, but it maintains the strengths of carrier messaging, like working on a core cellular connection without requiring data.

RCS should have been embraced by both iOS and Android when it debuted some time ago—but it didn't. This meant that it became an upgrade for Android users, leading Google to oversee its global deployment, pushing Google Messages as the primary texting client on Android rather than individual carriers and manufacturers.

Because of Google's involvement in the RCS rollout via Google Messages, it filled in the gaps in RCS functionality by incorporating its own technology. While RCS is essentially a carrier messaging protocol like SMS, Google's proprietary tech adds extra features for its users. Primarily, this allowed Google to tackle RCS's major flaw—security, but only for its users.

End-to-end encryption has become essential for phone messaging. Popularized by apps like iMessage and WhatsApp, it has been adopted by other major platforms, even Facebook Messenger. Security experts advise using encrypted platforms for daily messaging.

Carrier messaging has never offered end-to-end encryption. Instead, messages are routed across various cellular networks, much like calls. This allows for differences in apps at the ends, as long as they both use the same RCS protocol. There's no need for encryption keys to be exchanged or held, as it's an open standard.

Google's solution was straightforward. It added end-to-end encryption to Google Messages, essentially providing a secure envelope for transmitting RCS messages. However, this only works when both parties use Google Messages. If one party doesn't, the message falls back to the standard RCS protocol, and end-to-end encryption isn't used.

For Android users, this wasn't a problem when RCS was exclusive to Android and Google was standardizing users onto Google Messages. But once RCS was introduced on iPhone, the glaring security issue became a significant problem. Now, there were billions of RCS-enabled devices that didn't use Google Messages.

Such security concerns prompted outcry following iOS 18, leading the mobile standards organization—GSMA—and Google to announce a potential fix. Adding end-to-end encryption to the standard RCS protocol was the proposed solution, but how and when this would be implemented remains unclear due to complex carrier issues.

In reality, it's not necessarily needed. Before Apple's release of iOS 18, there was only one RCS app worth considering—Google Messages. Since then, there are only two relevant apps—Google Messages and iMessage. A change to the RCS protocol seems unnecessary—it seems useless. Instead, Apple and Google should establish a secure connection between their messaging apps to enable full encryption for iPhone-Android messaging.

This seems achievable, and there's an example to draw upon: WhatsApp has developed a third-party chat architecture enabling encrypted platforms to securely communicate with WhatsApp and vice versa, even when messages are sent outside of its own service. While less secure than messaging within its own platform, it's more secure than not using encryption at all. It also helps protect messages from being intercepted, like on SMS or RCS.

Another example worth considering is from the COVID-19 pandemic. At that time, Apple and Google collaborated on contact tracing warnings, providing a seamless connection between their two ecosystems. Bridging their messaging apps would be much simpler than that. This is a commercial, not a technical, issue.

There's still no sign of progress. But in a world where U.S. federal agencies are urging users to avoid texting, one would hope for a change of perspective, at least for practical reasons. Messaging security has never been more debated.

Apple's stance on RCS is straightforward. "When your device connects to your cellular network, it communicates with your carrier and their partners to set up RCS. User identifiers are exchanged to authenticate your device and provide a connection. These identifiers could include but are not limited to your IMEI, IMSI, IP address, and phone number. Your current IP address might also be shared with other RCS users." This applies to any RCS usage on iPhones—it is never fully encrypted.

However, you should enable RCS on your iPhone or Android, and use Google Messages on Android. You should not refrain from using RCS. It's safer than SMS, although it has its flaws. But you should treat RCS messaging in a similar manner to SMS—avoid sending sensitive or personal information, like credit card numbers or other financial data, and avoid using it for confidential business information, especially given the availability of fully encrypted alternatives.

Despite the security concerns with RCS, especially after its introduction on iPhones, it's recommended to enable RCS and use Google Messages on Android. RCS is generally safer than SMS, but sensitive information should still be avoided in RCS messages due to its lack of full encryption.

The FBI's warning about hacked messages on RCS led to a shift in focus, raising questions about the security of carrier messaging. This raises the question: should we abandon RCS altogether or find a solution to enhance its security?

Google added end-to-end encryption to Google Messages for Android users, but this feature only works when both parties use Google Messages. This leaves a significant number of RCS-enabled devices, particularly those using iPhones, without encryption protection.

Google and Apple have the potential to establish a secure connection between their messaging apps to enable full encryption for iPhone-Android messaging. This approach, similar to that of WhatsApp, would provide a more secure alternative to traditional SMS and RCS messaging.

The lack of end-to-end encryption in carrier messaging, including RCS, has raised concerns about the security of messages sent across various cellular networks. This is particularly true in light of recent advancements in messaging technology, such as the arrival of RCS on iPhones.

Read also: