Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Encryption Android

The Android Messages App Now Offers End-To-End Encryption (engadget.com) 55

Along with a string of new features across several areas of Android, Google is at last turning on end-to-end encryption (E2EE) for everyone in the Messages app. Beta testers have been able to use E2EE messaging since November. From a report: E2EE in Messages is only available in one-on-one conversations for the time being, not group chats. Both participants need to have RCS chat features enabled to use it. You'll know if a message you're about to send will be encrypted if you see a lock icon on the send button.
This discussion has been archived. No new comments can be posted.

The Android Messages App Now Offers End-To-End Encryption

Comments Filter:
  • Seems to me, the only people that use this app are Pixel owners. Phone manufacturers generally install their own messaging app.
    • by Curtman ( 556920 ) *
      You can install it from the app store on any Android device. It will prompt you to become the default texting app.
    • by terpia ( 28218 )

      Pixel user, checking in. Google Messages is an okayish messaging app at best. I was using Pulse before I switched to Signal quite a while ago.

    • I do. I kind how if I'm near a real keyboard, it allows me to text via the web browser.

    • Don't buy a phone where the manufacturer put shitty clone-app that you cannot remove, like Samsung. Buy a phone with vanilla Android. My Nokia or the Motorolas of my family use the standard Android Message.

      • by Curtman ( 556920 ) *
        I'm currently using an old Samsung S7, you don't really need to remove the samsung apps. You can just use this instead.
    • I was using it for a while instead of the very basic "messages" app that OnePlus ships. Then I switched to Signal. The only thing I wish Signal had that Messages is able to do is to have a companion app you can use on a desktop / laptop the way you can with Google Messages / Apple iMessage that also receives plain old SMS forwarded from your phone.

  • by jfdavis668 ( 1414919 ) on Tuesday June 15, 2021 @04:20PM (#61491016)
    I only know where the beginning is, who knows where it ends?
    • This. Can I bring my own keys? How do I find the public keys of others?
      • by ArmoredDragon ( 3450605 ) on Tuesday June 15, 2021 @05:19PM (#61491216)

        As with TLS, trust has to be given at some point. Every day you trust big companies like identrust, digicert, godaddy and many others to guarantee that the domain you're visiting is who they claim to be. In this case, you'd be trusting google that the other person is who they claim to be.

        Though if apple would stop being stupid and finally support RCS, it could be a bit more decentralized as the major carriers would turn be induced into offering native support. Alas, apple will ban any app that might compete with imessage.

        • Though if apple would stop being stupid and finally support RCS

          I hope Apple never supports RCS. RCS is is still controlled by the carriers, allowing them to bill you for every message sent/received.
          For that reason, there is no RCS client that I can install on my computer (which doesn't have a cellular radio or SIM card).

          What we need, is for Google to switch to XMPP or whatever, a messaging standard which is cross-platform and not reliant on cellular radio access or a phone number as an ID.

          • by Curtman ( 556920 ) *

            What we need, is for Google to switch to XMPP or whatever

            Ermmm Isn't that Hangouts, which deprecated XMPP, then became another abandoned Google project? For a while it was the default messaging app for Android. What you can do with Android Messages, with the web messager (now called "device pairing" I think).. You can text from your PC, or even an Apple device in the web browser. It works pretty well.

            • What we need, is for Google to switch to XMPP or whatever

              Ermmm Isn't that Hangouts, which deprecated XMPP, then became another abandoned Google project?

              It's basically a rename. All conversations seems to be migrated to chats. But yes, abandoning XMPP was not a good thing.

              What you can do with Android Messages, with the web messager (now called "device pairing" I think).. You can text from your PC, or even an Apple device in the web browser. It works pretty well.

              It's not enough. There is not reason why an Internet-connected PC should need to piggy back on a cell phone, powered on, and with signal, to send or receive messages. SMS, RCS, and anything based on a phone number need to die.

              • by Curtman ( 556920 ) *
                It only has to piggyback on the cell phone if you want to use SMS/RCS functionality attached with that cell phone number though. I don't understand the problem. If Signal supported fallback to RCS and SMS that might really be something. Then I wouldn't need my recipients to install another Whatsapp or Telegram or whatever to receive my messages. This whole thing feels like the ICQ/MSN/AOL BS we went through years ago, come full circle.
                • It only has to piggyback on the cell phone if you want to use SMS/RCS functionality attached with that cell phone number though.

                  No it doesn't. You just can't install Signal for Windows on a PC and start using it, without first installing it on an Android/iOS phone and logging in.
                  https://signal.org/en/download... [signal.org]

                  I don't understand the problem. If Signal supported fallback to RCS and SMS that might really be something. Then I wouldn't need my recipients to install another Whatsapp or Telegram or whatever to receive my messages.

                  99% of your recipients would be receiving SMS then. And you would be propagating the use of SMS, which should be phased out.
                  Most of your contacts wouldn't be able to reply from their computer, unless they have Google Voice or some other way to sync their SMS between their phone and their PC.
                  Again, why do you insist on being

                  • by Curtman ( 556920 ) *
                    It only became acceptable when I could use Gain/Pidgin to communicate with all of them. If I were to switch to Signal today, I would lose benefits of RCS with the majority of my contacts. It's really not hard to find free sms numbers in North America at least... https://smsreceivefree.com/ [smsreceivefree.com]
          • Back to XMPP--I'm sure that will never happen
            • Just like Apple switching to RCS.
              It Apple switches to something, it would better be XMPP, or any standard which doesn't depend on mobile phone carriers.

              • Once they get big enough, every corporation stops caring about open standards and starts trying to protect their market/monopoly. It's a sad state.
      • > Can I bring my own keys?

        That would strictly reduce the security. So you wouldn't want to do that.

        The way it works is that the key is generated on your device.
        You're trusting your hardware and your OS.

        Suppose you imported a key from elsewhere.
        Then you'd be trusting be trusting that the external key source had never been compromised and never will be, plus trusting your hardware and your OS. You HAVE to trust the hardware and the OS - they provide the keyboard you type with and the screen you view it on.

    • I only know where the beginning is, who knows where it ends?

      Citizen! Password please!

    • by znrt ( 2424692 )

      no idea, but be sure to watch out and stop as soon as you spot the end!

      it doesn't get further anyway! ;-)

  • There are plenty of better alternatives, like Conversations (XMPP) or Matrix, which do not depend on one single corporation running them, with security being compromised by Google's monetary and the US-government's spying interests.
    • This is RCS, an open standard to replace SMS.

      • RCS is about 20 years too late, and this is one of many attempts to make non-Internet messaging relevant. E2E at least gets past the easy snooping on 4/5G networks.

        RCS does have some uses - that is, unlike all of Signal, Whatscrap, Telegram, Insta, etc etc... you don't need to "connect" before sending. That means that (say) your local pizza joint can send you RCS messages of your pizza as it's being prepared for you. Staying with food, that posh restaurant you booked for your anniversary could send you a ph

        • RCS does have some uses - that is, unlike all of Signal, Whatscrap, Telegram, Insta, etc etc... you don't need to "connect" before sending.

          Of course you do. It just happens that Android messages does that automatically.

          That means that (say) your local pizza joint can send you RCS messages of your pizza as it's being prepared for you. Staying with food, that posh restaurant you booked for your anniversary could send you a photo of the front door so you can find it easily, etc etc.

          They could also do it using SMS, email, or any of the non-standard application you listed above. What does it have to do with the need to connect?

  • by Indy1 ( 99447 ) on Tuesday June 15, 2021 @04:40PM (#61491094)

    This is better than zero encryption SMS, but Signal is still the gold standard. Its cross platform ( Android, IOS, WIndows, Mac, Linux), open sourced, and most important - Fed Proof.

    • The gold standard would be for a distributed system that allows for multiple layers and types of encryption with an open standard protocol and multiple client application options.

      Too bad something like that does not exist

      • by xalqor ( 6762950 )

        You forgot the link. FTFY.

        • How does the protocol deal with spam? Probably the biggest problem with decentralized messaging systems. Email still continues to suck due to this.

          • by xalqor ( 6762950 )

            Some clients allow you to block all messages from people not in your contacts roster.

            On a related note, I'm working on a fork of an open source messaging app for Android, where I added a single feature -- it separates conversations into three tabs (favorites, contacts, recents) and also allows you to set separate notification settings for these. I used to just have text notifications completely disabled and never check them because I get so many spam texts. But with the debug version of this running on my p

    • by antdude ( 79039 )

      I'm still waiting for Signal not to require a phone #. :(

    • by AmiMoJo ( 196126 )

      Signal isn't so hot... The guy behind it is kind of an arse, and ignores serious security issues until one day they get silently patched. His attitude towards federation (he doesn't support it) is a big problem too.

      We need something open source to replace Signal, something that many apps can support and which isn't reliant on Signal's servers.

      • We need something open source to replace Signal, something that many apps can support and which isn't reliant on Signal's servers.

        Matrix.org is on its way there, and well advanced.

    • This is better than zero encryption SMS, but Signal is still the gold standard.

      Signal is total crap. No centralized message history, still requires a phone number, can't be used on a PC without first signing up on a phone.

  • This is a good step forward but isn't really going to push the needle very far in terms of driving real E2EE adoption. Hardly anyone has been using RCS these days [citation needed].

    I've been using Messages on my Pixel devices for years, and I've only ever seen RCS get used with exactly one of my many contacts. Most of my contacts use iPhones, especially among the ones I text with and can't convince to switch to Signal.

    • Problem is Samsung and all their shitty clone-apps that duplicate all the standard applications... I have a Nokia, others members of the family have Motorola, and it's a vanilla Android and the standard google Messages app that is using RCS for years.

  • Too little too late (Score:4, Informative)

    by brickhouse98 ( 4677765 ) on Tuesday June 15, 2021 @05:36PM (#61491274)
    Great and all but if you use Signal or something, it's done without adjusting settings at all. I highly doubt most of the population would bother to turn on RCS. But just by downloading Signal, it's already E2E. Still a good thing but shouldn't sway you to use messages over Signal.
  • How does this protect us from Google?

  • Took them long enough. iOS has offered end-to-end encryption since 2013.
  • So where's the setting to disable this on our MDM profiles? Need our SMS gateway to intercept plain text messages for compliance.

    Sometimes I wonder if these folks ever thought about what happens when then roll out features like this for regulated industries.

  • Sure it's encrypted but what are the agreements in place or likely to be established with law enforcement and government?

    Isn't the desire for encryption precisely because unencrypted, private messages can/will be turned over on request?

  • just learnt about "google messages" after decades of using android and google stuff in general. is that really a thing? i mean ... with actual people? everyone i know uses whatsapp ...

    btw yeah whatsapp says it encrypts e2e too but i never really cared because i would never really trust such an app/corp with sensible information in the first place.

  • Show me the code and I will believe it!
  • Encryption is certainly good when it is performed as in a telegram, and not as in a whatsapp. Whatsapp provides data of "encrypted" conversations at the first request of the special services, while telegram does not allow anyone to receive user data. It's like a confrontation between two security systems. Amazon with its breaches in security protocols and ajax, which do not have such problems. By the way I advise you to see more on the site https://ajax.systems/ [ajax.systems], if you suddenly became interested. I, for on

news: gotcha

Working...