Google and Android are still failing us on messaging and encryption
A new medical clinic has been built in your neighborhood. Just down the street. It's in walking distance.
There's no worry about insurance. There are no co-pays. If you need help, you get help. In fact, you have to work hard to ever see a bill. This new clinic has the best doctors and state-of-the-art diagnostic equipment. It doesn't just diagnose a cold — it cures it on the spot.
It sounds great, but if anyone ever had to actually wait to be seen, if appointments took more than 30 minutes, there would be lines down the block.
There's just one catch. Nobody there wears gloves. Sure, there's not all that much of a chance that they'll spread any sort of contagion — and certainly not on purpose. But gloves get in the way and keep the docs from working the way they want to.
You get get a clinic with gloves just down the street. Its lines are also short, and fees are minimal, and it cures the common cold pretty much just as quickly. ... But no gloves.
The metaphor is admittedly a little stretched, but this is how I'm starting to see Google's lack of a messaging service that includes encryption by default.
What messaging strategy?
Let's rewind a bit. Google's "messaging strategy," insofar as it has one that isn't just rebranding apps every few years, has never included any sort of real attempt at the sort of encryption we should demand in real-time messaging.
Hangouts chats were encrypted using HTTPS and TLS. But they weren't end-to-end encrypted, meaning Google (and a demanding government) could break in, if it wanted. Allo had end-to-end encryption available in an optional "incognito mode," but things otherwise were left open by default. (And that was by design.)
Today, Hangouts has been shunted off to business use, and Allo is being put out to pasture. Google instead has put its muscle behind RCS "Chat," which essentially is a modern version of the old SMS text messaging system. That in and of itself is a worthy goal. SMS (and MMS) is a legacy mechanism that should have been put down years ago. And if anyone can wrangle carriers for a new standard, it's Google.
RCS is a rich messaging system that allows for smarter (and more fun) messaging. But not every phone will have access to it at first — again, it's up to individual carriers to implement — and so it'll fall back to the legacy SMS system in that case.
But it's not enough. And it doesn't excuse Google from providing an encrypted out-of-box messaging experience for its users across Android and the web at large.
iMessage is right even as it's wrong
I'd been loathe to accept Apple's iMessage on principle. Some context here as well: iMessage is a service that works within Apple's "Messages" app. Communications between two iMessage users are end-to-end encrypted. That is, only the people chatting with each other can decrypt the messages. Apple can't read the messages, and it doesn't want to. If you're using the Messages app to chat with someone who's not on iMessage — generally, that'll be someone on Android — it falls back to unencrypted SMS.
To the Apple user, it's seamless. There's absolutely no thought involved. To borrow the phrase, it just works.
But a modern messaging service must work across multiple platforms. It's the right way to do it, and it's the right thing to do. Apple's gonna Apple, however, and so iMessage continues to be available on hardware that funnels money directly to Apple, and nowhere else. If an iMessage user messages someone on Android, it falls back to good ol' SMS. (Presumably that'll change to RCS at some point, but we don't yet know.)
And then there's the breakage that occurs if you try to get off of iMessage. You will miss important communications that get stuck in an iMessage loop, if the sender didn't delete that thread and start a new one, or if you didn't properly shut off iMessage or deregister your phone number. That's not just poor user experience — it's punitive lock-in, bordering on extortive. "Hey, sorry you missed out on some messages. Guess you should have stuck with us."
But iMessage does the encryption part right. It starts with encryption — prefers it, really — and falls back to insecure SMS if it has to.
RCS is better, but it's not enough
A better standard messaging service is a worthy endeavor. It'll be slow to be adopted worldwide, for sure, but it clearly should be the new baseline for basic communications between phone users. And that RCS is unencrypted shouldn't be a deal-breaker.
But that also underscores the company that sells the most smartphones in the world to provide something better, something safer, by default. Encrypted messages first — and for messages between Android and iPhone, too — with a fallback to RCS and SMS if necessary.
Google's got the capability to do this, I'm sure. Why it's not doing this is a head-scratcher.
And that's the conclusion I came to in the past few weeks as I started to move my family from the Facebook-owned WhatsApp to Signal. Only a couple of us in my immediate circle are Android users, and I wanted us to have a secure way to chat with everyone else. On principle.
And then I decided that maybe it shouldn't just be about me. I shouldn't force my family to jump through more hoops just because there's no cross-platform encrypted messaging service from Google. (Though to be clear, still iMessage fails miserably on the "cross-platform part of that equation.)
So I am, for the first time, really switching to the iPhone. Maybe not quite whole-heartedly, maybe not quite willingly. But I also don't have in the back of my head that I'll fire up the Pixel again when all the little annoyances that make up the one big annoyance that is iOS start to drive me crazy. Because I want the people I communicate with most to have secure communications with me. By default.
If Google's not going to give me encrypted messages by default, so be it. And I'll still grumble (loudly) about Apple's iMessage lock-in. If Apple really wants to make messaging more secure, it should do so for everyone. Not just those who buy its hardware. (Hell, charge me for off-iOS iMessage on Android, then. I'll pay it.)
But making my family bounce between additional encrypted messaging apps — or making my friends fall back to insecure SMS — was starting to make me feel like I was forcing them to get an extra flu shot just because I didn't like the proprietary gloves being worn by the docs they'd been seeing. At some point it's not about me.
And at some point Google has to put on the damn gloves.
Get the Android Central Newsletter
Instant access to breaking news, the hottest reviews, great deals and helpful tips.
I don't live in the states and don't have any of these problems. I only use 2 messaging apps, WhatsApp just for some groups and some other people a don't really chat with that often but most of them are on telegram.. that is working fine crossplatform and has all the features I want By the way that rcs will be a complete failure over here I can almost guarantee that 100%. For now no operator is supporting it overhere and people will not be that quick to move if that happens (because then all 4 operators have to move first..) Google did missed that boath completely. They should have stick with Google talk and improved on that...
What is it specifically you don't like?
I must admit I agree I just don't really know why.
I don't worry as much if my conversations are over heard.
When they come for me it will be because of what I've said not what I've text.
But as I've said I want my text to be private. And I strongly support others who do too.
Honestly the main reason why someone would care about or would want encryption in their messaging app for most law abiding people. Is from hackers and the big 800 pound gorilla in the room the government. In my opinion if someone that has to ask why someone would want that in a messaging app for the most part They are more or less in the
" I have nothing to hide crowd" But I guess I'm overly sensitive on this topic because of me living ij in former East Germany. You had no privacy in most regards from the government.
I would without thinking about it the same as I do with SMS.
If I think about it I use email or WhatsApp.
Everyone I know uses WhatsApp.
Let's all agree to use nothing else and we need never worry about it again...
Unlike emails most people do not use text for any sensitive communications.
Just like chatting in public some people aren't as concerned if it's not encrypted.
But with around 1.5 billion people using WhatsApp an encrypted service is available for all.
Likewise RCS can improve on a lot of things, but it wasn't built with encryption in mind.
You would essentially have to do the same thing iMessage or apps like Signal do now. You have to have some form of middle service for all of this to work; which means you either need to offer an app or get it adopted by Apple for it to really function properly.
Must be more to it than that?
With billions more regular users it could have forced Apple, Samsung and any other manufacturer to play ball.
I have a google pixel 2 and iPhone X. I love everything about android, Except Messaging. Android messaging is pure hot trash. Even on the pixel. Pictures are compressed and look like a dumpster fire by the time they get to the recipient. Videos: lol worse that hot garbage... just don't bother.
iMessage can send large files (up to 5GB seamlessly) and it just works. Not to mention iMessage also works on your Mac and iPad and iPod. in fact ALL of icloud: mail, contacts, calendar, reminders, notes, bookmarks, Home, health, Wallet (Apple Pay), game center, Siri, Keychain, and Find my "whatever" all work seamlessly on All Apple products with a single iCloud email sign in. Users never have to think about it. it just works.
Android should have had an "iMessage" of their own within 6 months of iMessage being released.
You say that it's a head scratcher WHY they haven't already done that.
Come on Phil, You know why.... unlike Apple, google wants to read EVERY single message people send to add to their search engine. They want to know everything everyone talks about, no matter how big or small, so they can see how humans talk to each other. There is no other reason not to have fixed messages on android like 7.5 years ago....
and now RCS in the messages app. Which is not default on most phones. Most of the people i know use the carrier SMS app or the one provided on the device. Those are the same people that drive the market. So unless google forces certain things it will take a long time for change.