Google has announced that end-to-end encryption is rolling out to users of Google Messages, Android’s default SMS and RCS app. The feature has been in testing for months, and now it’s coming to everyone.
Encryption in Google Messages works only if both users are on the service. Both users must also be in a 1:1 chat (no group chats allowed), and they both must have RCS turned on. RCS was supposed to be a replacement for SMS—an on-by-default, carrier-driven text messaging standard. RCS was cooked up in 2008, and it adds 2008-level features to carrier messaging, like user presence, typing status, read receipts, and location sharing.
Text messaging used to be a cash cow for carriers, but with the advent of unlimited texting and the commoditization of carrier messaging, there’s no clear revenue motivation for carriers to release RCS. The result is that the RCS rollout has amounted to nothing but false promises and delays. The carriers nixed a joint venture called the “Cross-Carrier Messaging Initiative” in April, pretty much killing any hopes that RCS will ever hit SMS-like ubiquity. Apple executives have also indicated internally that they view easy messaging with Android as a threat to iOS ecosystem lock-in, so it would take a significant change of heart for Apple to support RCS.
The result is that Google is the biggest player that cares about RCS, and in 2019, the company started pushing its own carrier-independent RCS system. Users can dig into the Google Messages app settings and turn on “Chat features,” which refers to Google’s version of RCS. It works if both users have turned on the checkbox, but again, the original goal of a ubiquitous SMS replacement seems to have been lost. This makes Google RCS a bit like any other over-the-top messaging service—but tied to the slow and out-of-date RCS protocol. For instance, end-to-end encryption isn’t part of the RCS spec. Since it’s something Google is adding on top of RCS and it’s done in software, both users need to be on Google Messages. Other clients aren’t supported.
Google released a whitepaper detailing the feature’s implementation, and there aren’t too many surprises. The company uses the Signal protocol for encryption, just like Signal, Whatsapp, and Facebook Messenger. The Google Messages web app works fine since it still relies on an (encrypted) local connection to your phone to send messages. Encrypted messages on Wear OS are not supported yet but will be at some point (hopefully in time for that big revamp). Even though the message text is encrypted, third parties can still see metadata like sent and received phone numbers, timestamps, and approximate message sizes.
If you and your messaging partner have all the settings right, you’ll see lock icons next to the send button and the “message sent” status.