RCS Messaging Adds End-to-End Encryption Between Android and iOS (engadget.com)
- Reference: 0176713447
- News link: https://it.slashdot.org/story/25/03/14/130255/rcs-messaging-adds-end-to-end-encryption-between-android-and-ios
- Source link: https://www.engadget.com/cybersecurity/rcs-messaging-adds-end-to-end-encryption-between-android-and-ios-120020005.html?src=rss
The specifications ensure messages remain secure between Android and iOS devices, making RCS "the first large-scale messaging service to support interoperable E2EE between client implementations from different providers," said GSMA Technical Director Tom Van Pelt.
The system combines E2EE with SIM-based authentication to strengthen protection against scams and fraud. Apple confirmed it "helped lead a cross industry effort" on the standard and will implement support in future software updates without specifying a timeline. Google's RCS implementation has featured default E2EE since early 2024.
[1] https://www.gsma.com/solutions-and-impact/technologies/networks/gsma_resources/gsma-rcs-universal-profile-3-0-specifications/
Government overreach (Score:2)
I wonder how long before the UK Government want a backdoor
Re: (Score:2)
I suspect it might already be backdoored by design. The only way I know to send a truly encrypted message is by using the recipient's public key to encrypt it. Then, the recipient decrypts it using his private key, which only he is supposed to have. Not sure that "end to end" RCS does that.
It would need to have some kind of key management system. I guess your phone could first send an RCS message asking for his public key, then send the encrypted message. Anyway, I'd like to know more about how it works.
Re: Government overreach (Score:2)
Or you can just read the RFC:
[1]https://www.rfc-editor.org/rfc... [rfc-editor.org]
And if in doubt, do your own implementation based on that. Or use OpenMLS:
[2]https://github.com/openmls/ope... [github.com]
Side note: Strange how Apple claims to be "leading" here given MLS is derived from the Signal protocol, which their solution isn't at all similar to and has various known weaknesses that Signal doesn't share, nor do they appear to have contributed to MLS in any way. Maybe just typical Apple face saving shit over their stage 5 NIH syndrome?
[1] https://www.rfc-editor.org/rfc/rfc9420.html
[2] https://github.com/openmls/openmls
oh good, SIM-based (Score:2)
I certainly trust the SIM that my carrier gave me to serve only my goals
Re: (Score:2)
Interesting. I hadn't considered the fact that RCS, like SMS, is routed from ph# to ph#, so the carrier is necessarily involved -- it's not over the internet? So, what's the transport layer? Does it ride atop of MMS, or is it something else entirely?
Re: oh good, SIM-based (Score:2)
It's plain SIP. It's MSRP instead of RTP. Not sure why the SIM is in the picture.
Re: (Score:2)
The key has to be stored somewhere. If you switch phones, you don't want people sending you messages you can't decrypt.
Well this fixes one issue (Score:2)
It's good to see some action after the FBI's [1]warning [forbes.com].
Now, if we can get solutions for smishing and vendors using SMS for 2FA we'd be much better off.
[1] https://www.forbes.com/sites/zakdoffman/2024/12/06/fbi-warns-iphone-and-android-users-stop-sending-texts/