Google Criticized for ‘Misleading’ Encryption Claims About Its Text-Messaging App
Google’s app store claims that their text-messaging app Google Messages means “conversations are end-to-end encrypted”.
“That is some serious bullshit,” argues tech blogger John Gruber:
It’s shamefully misleading regarding Google Messages’s support for end-to-end encryption… Google Messages does support end-to-end encryption, but only over RCS and only if all participants in the chat are using a recent version of Google Messages. But the second screenshot in the Play Store listing flatly declares “Conversations are end-to-end encrypted”, full stop…
I realize that “Some conversations are end-to-end encrypted” will naturally spur curiosity regarding which conversations are encrypted and which aren’t, but that’s the truth. And users of the app should be aware of that. “RCS conversations with other Google Messages users are encrypted” would work.
Then, in the “report card” section of the listing, it states the following:
Data is encrypted in transit
Your data is transferred over a secure connection
Which, again, is only true sometimes. It’s downright fraudulent to describe Google Messages’s transit security this way…. [D]epending who you communicate with —
iPhone users, Android users with old devices, Android users who use other text messaging apps — it’s quite likely most of your messages won’t be secure… E2EE is never available for SMS, and never available if a participant in the chat is using any RCS client (on Android or Apple Messages) other than Google Messages. That’s an essential distinction that should be made clear, not obfuscated.
Gruber’s earlier blog post had pointed out that the RCS standard “has no encryption; E2EE RCS chats in Google Messages use Google’s proprietary extension and are exclusive to the Google Messages app, so RCS chats between Google Messages and other apps, most conspicuously Apple Messages, are not encrypted.”
And in his newer post, Gruber adds, “While I’m at it, it’s also embarrassing that Google Voice has no support for RCS at all. It’s Google’s own app and service, and Google has been the world’s most vocal proponent of RCS messaging.”
Source link