GSMA created a RCS - that is a protocol. Then they released a “basic spec”- Universal Profile. Anyone who implements this spec can guarantee that their RCS messages will work with anyone else’s messages.
Some internet providers, network manufacturers, some OEMs implemented Universal Profile (UP here and next) in their systems. And also Google and Microsoft announced they have done Universal Profile too. Check this list of parties that created their own thing, with a UP = they are all working together
So. At this point in history you have nothing to do with Google. If you want to receive and send RCS, you have a spec to follow and a protocol to use. Everyone else with UP will be able to communicate with you. You can add some nice things above UP, with the understanding that only your clients will enjoy them. Think about it as AOSP (bare android) vs Google’s pixel android vs Samsung’s android vs Xiaomi’s thing. They are independent, but they have some specs to follow, and it is still android behind the doors.
At some point in time Google said to providers: "Either you are joining the movement and create your own infrastructure with UP spec to work with RCS (and then the “text messages” are still going through your provider, as the SMS do), or we will transfer the messages via our own servers (since you don’t support the protocol to move them through you).
This was criticized, because GMSA’s RCS protocol does not support e2e encryption. This is ridiculous complain, because SMS are not encrypted and ARE FULLY VISIBLE TO ANYONE including your provider, and a hacker with 100 dollars to spend on SS7 attacks. If you are not a hacker, in our and other countries there is a subscription model for SS7 vulnerability based “hacks”.
Anyways.
Google said ok, and implemented Signal protocol for e2e above RCS. Think again about difference with AOSP android and Pixel android - you can have nice things on top.
So. Nowadays. There is a Messages app on your phone. If you want to, it will send RCS. Because it is Google’s version, it supports e2e. If your provider has implemented RCS, the message goes through your provider (as the rest of SMS). Most providers don’t bother, so the RCS goes through Google’s servers. Since right now you’re only sending RCs between a Google’s version to a Google’s version, everything is e2e encrypted (and evil google won’t read this tiny bit of your information on top of everything they know about us 😌).
If Apple implements RCS, the situation will be similar.
Apple will use their app to send RCS to non-imessage contacts. Providers with RCS support will handle the messages (just like they do with SMS). Otherwise Apple will handle their part and on the receiving end a provider with RCS support or google do the rest.
Important note: protocol as it is written is not e2e. So if Apple continue to be pricks, they will implement the bare minimum and will say: “Use imessage, it is safe, don’t use green bubbles, they are unsafe”. The other option: they can push GSMA to update the protocol with e2e. Or they can adopt Google’s version with Signal protocol on top. Sometimes this happens with specs - a large player can force everyone to support extra features.
P.S. messages via pigeons are waaaaaay more secure than SMS. For a fun time, search for something like “examples of SS7 vulnerabilities / attacks” and enjoy reading. That’s why 2G, parts of 3G and SMS must die - SS7 is insanely broken (it was created before security was invented as a word)
I appriciate your detailed reply. I am still a bit confused though.
If Google is “the man in the middle”, and Apple decides not to create thier own RCS or UP protocol, this seems to imply iphone users are now sending thier information to Google servers (Google will now have your information), in addition to Apple and the phone carrier. Is this correct?
Very possible I am misunderstanding everything, due more to my ignorance than your explanation. Thank you for your patience.
If Apple doesn’t implement Signal and if they don’t contribute to the RCS protocol (they can do it, the same way as they do for the Qi charging thing, they did contributed to the same type C standard they were avoiding all this time, they do contribute to av1 codec etc etc)
And at least one of the 2 service providers does not have RCS implemented yet
then the info will go through google eventually, and if it is not e2e, then Google will see it.
Just a reminder, they do currently send SMS to android, and sms is fully unencrypted and fully visible to virtually anyone (including to google and everyone in the country on the receiving end).
I doubt Apple will ignore e2e just to flip Google with “green bubbles are insecure, use iMessage”. And people (if they are not Pavel Durov of Telegram) have a lot of faith in Signal protocol, so they don’t have to revolutionize anything - there is a good enough thing to implement.
And if Google and Apple both use Signal on top of the standard, it will become standard.
Safe to assume them that Apple will utilize the bare minimum for RCS.
When Apple implements RCS, was there any information on whether it’ll be dependent on the carrier or if Apple will build their own RCS infrastructure? Cuz I suspect it’ll be the former.
And if Apple does build their own RCS infrastructure, I highly doubt it’ll have E2E encryption as that’s essentially iMessage. Will E2E encryption work if one side is Apple and the other side is Google?
And for any RCS messages that doesn’t go through Google, does this mean that RCS is still being used sans E2E encryption? What does it look like in the Messages app?
Oversimplified:
GSMA created a RCS - that is a protocol. Then they released a “basic spec”- Universal Profile. Anyone who implements this spec can guarantee that their RCS messages will work with anyone else’s messages.
Some internet providers, network manufacturers, some OEMs implemented Universal Profile (UP here and next) in their systems. And also Google and Microsoft announced they have done Universal Profile too. Check this list of parties that created their own thing, with a UP = they are all working together
So. At this point in history you have nothing to do with Google. If you want to receive and send RCS, you have a spec to follow and a protocol to use. Everyone else with UP will be able to communicate with you. You can add some nice things above UP, with the understanding that only your clients will enjoy them. Think about it as AOSP (bare android) vs Google’s pixel android vs Samsung’s android vs Xiaomi’s thing. They are independent, but they have some specs to follow, and it is still android behind the doors.
At some point in time Google said to providers: "Either you are joining the movement and create your own infrastructure with UP spec to work with RCS (and then the “text messages” are still going through your provider, as the SMS do), or we will transfer the messages via our own servers (since you don’t support the protocol to move them through you).
This was criticized, because GMSA’s RCS protocol does not support e2e encryption. This is ridiculous complain, because SMS are not encrypted and ARE FULLY VISIBLE TO ANYONE including your provider, and a hacker with 100 dollars to spend on SS7 attacks. If you are not a hacker, in our and other countries there is a subscription model for SS7 vulnerability based “hacks”.
Anyways. Google said ok, and implemented Signal protocol for e2e above RCS. Think again about difference with AOSP android and Pixel android - you can have nice things on top.
So. Nowadays. There is a Messages app on your phone. If you want to, it will send RCS. Because it is Google’s version, it supports e2e. If your provider has implemented RCS, the message goes through your provider (as the rest of SMS). Most providers don’t bother, so the RCS goes through Google’s servers. Since right now you’re only sending RCs between a Google’s version to a Google’s version, everything is e2e encrypted (and evil google won’t read this tiny bit of your information on top of everything they know about us 😌).
If Apple implements RCS, the situation will be similar. Apple will use their app to send RCS to non-imessage contacts. Providers with RCS support will handle the messages (just like they do with SMS). Otherwise Apple will handle their part and on the receiving end a provider with RCS support or google do the rest.
Important note: protocol as it is written is not e2e. So if Apple continue to be pricks, they will implement the bare minimum and will say: “Use imessage, it is safe, don’t use green bubbles, they are unsafe”. The other option: they can push GSMA to update the protocol with e2e. Or they can adopt Google’s version with Signal protocol on top. Sometimes this happens with specs - a large player can force everyone to support extra features.
P.S. messages via pigeons are waaaaaay more secure than SMS. For a fun time, search for something like “examples of SS7 vulnerabilities / attacks” and enjoy reading. That’s why 2G, parts of 3G and SMS must die - SS7 is insanely broken (it was created before security was invented as a word)
I appriciate your detailed reply. I am still a bit confused though.
If Google is “the man in the middle”, and Apple decides not to create thier own RCS or UP protocol, this seems to imply iphone users are now sending thier information to Google servers (Google will now have your information), in addition to Apple and the phone carrier. Is this correct?
Very possible I am misunderstanding everything, due more to my ignorance than your explanation. Thank you for your patience.
So…
then the info will go through google eventually, and if it is not e2e, then Google will see it.
Just a reminder, they do currently send SMS to android, and sms is fully unencrypted and fully visible to virtually anyone (including to google and everyone in the country on the receiving end).
I doubt Apple will ignore e2e just to flip Google with “green bubbles are insecure, use iMessage”. And people (if they are not Pavel Durov of Telegram) have a lot of faith in Signal protocol, so they don’t have to revolutionize anything - there is a good enough thing to implement.
And if Google and Apple both use Signal on top of the standard, it will become standard.
Safe to assume them that Apple will utilize the bare minimum for RCS.
When Apple implements RCS, was there any information on whether it’ll be dependent on the carrier or if Apple will build their own RCS infrastructure? Cuz I suspect it’ll be the former.
And if Apple does build their own RCS infrastructure, I highly doubt it’ll have E2E encryption as that’s essentially iMessage. Will E2E encryption work if one side is Apple and the other side is Google?
And for any RCS messages that doesn’t go through Google, does this mean that RCS is still being used sans E2E encryption? What does it look like in the Messages app?