Google and Android are still failing us on messaging and encryption

A new medical clinic has been built in your neighborhood. Just down the street. It's in walking distance.

There's no worry about insurance. There are no co-pays. If you need help, you get help. In fact, you have to work hard to ever see a bill. This new clinic has the best doctors and state-of-the-art diagnostic equipment. It doesn't just diagnose a cold — it cures it on the spot.

It sounds great, but if anyone ever had to actually wait to be seen, if appointments took more than 30 minutes, there would be lines down the block.

There's just one catch. Nobody there wears gloves. Sure, there's not all that much of a chance that they'll spread any sort of contagion — and certainly not on purpose. But gloves get in the way and keep the docs from working the way they want to.

You get get a clinic with gloves just down the street. Its lines are also short, and fees are minimal, and it cures the common cold pretty much just as quickly. ... But no gloves.

The metaphor is admittedly a little stretched, but this is how I'm starting to see Google's lack of a messaging service that includes encryption by default.

What messaging strategy?

Let's rewind a bit. Google's "messaging strategy," insofar as it has one that isn't just rebranding apps every few years, has never included any sort of real attempt at the sort of encryption we should demand in real-time messaging.

Google's messaging strategy is as much a failure of focus as it is technological.

Hangouts chats were encrypted using HTTPS and TLS. But they weren't end-to-end encrypted, meaning Google (and a demanding government) could break in, if it wanted. Allo had end-to-end encryption available in an optional "incognito mode," but things otherwise were left open by default. (And that was by design.)

Today, Hangouts has been shunted off to business use, and Allo is being put out to pasture. Google instead has put its muscle behind RCS "Chat," which essentially is a modern version of the old SMS text messaging system. That in and of itself is a worthy goal. SMS (and MMS) is a legacy mechanism that should have been put down years ago. And if anyone can wrangle carriers for a new standard, it's Google.

RCS is a rich messaging system that allows for smarter (and more fun) messaging. But not every phone will have access to it at first — again, it's up to individual carriers to implement — and so it'll fall back to the legacy SMS system in that case.

But it's not enough. And it doesn't excuse Google from providing an encrypted out-of-box messaging experience for its users across Android and the web at large.


Apple's iMessage service does it right — encrypted messaging out of the box — even if its lock-in to Apple-only devices is very much wrong.

iMessage is right even as it's wrong

I'd been loathe to accept Apple's iMessage on principle. Some context here as well: iMessage is a service that works within Apple's "Messages" app. Communications between two iMessage users are end-to-end encrypted. That is, only the people chatting with each other can decrypt the messages. Apple can't read the messages, and it doesn't want to. If you're using the Messages app to chat with someone who's not on iMessage — generally, that'll be someone on Android — it falls back to unencrypted SMS.

Apple's iMessage lock-in is still bad, even as it shows the standard for basic secure communications.

To the Apple user, it's seamless. There's absolutely no thought involved. To borrow the phrase, it just works.

But a modern messaging service must work across multiple platforms. It's the right way to do it, and it's the right thing to do. Apple's gonna Apple, however, and so iMessage continues to be available on hardware that funnels money directly to Apple, and nowhere else. If an iMessage user messages someone on Android, it falls back to good ol' SMS. (Presumably that'll change to RCS at some point, but we don't yet know.)

And then there's the breakage that occurs if you try to get off of iMessage. You will miss important communications that get stuck in an iMessage loop, if the sender didn't delete that thread and start a new one, or if you didn't properly shut off iMessage or deregister your phone number. That's not just poor user experience — it's punitive lock-in, bordering on extortive. "Hey, sorry you missed out on some messages. Guess you should have stuck with us."

But iMessage does the encryption part right. It starts with encryption — prefers it, really — and falls back to insecure SMS if it has to.

RCS is better, but it's not enough

A better standard messaging service is a worthy endeavor. It'll be slow to be adopted worldwide, for sure, but it clearly should be the new baseline for basic communications between phone users. And that RCS is unencrypted shouldn't be a deal-breaker.

But that also underscores the company that sells the most smartphones in the world to provide something better, something safer, by default. Encrypted messages first — and for messages between Android and iPhone, too — with a fallback to RCS and SMS if necessary.

Google's got the capability to do this, I'm sure. Why it's not doing this is a head-scratcher.

If you're not offering a secure, encrypted experience by default, you're doing it wrong.

And that's the conclusion I came to in the past few weeks as I started to move my family from the Facebook-owned WhatsApp to Signal. Only a couple of us in my immediate circle are Android users, and I wanted us to have a secure way to chat with everyone else. On principle.

And then I decided that maybe it shouldn't just be about me. I shouldn't force my family to jump through more hoops just because there's no cross-platform encrypted messaging service from Google. (Though to be clear, still iMessage fails miserably on the "cross-platform part of that equation.)

So I am, for the first time, really switching to the iPhone. Maybe not quite whole-heartedly, maybe not quite willingly. But I also don't have in the back of my head that I'll fire up the Pixel again when all the little annoyances that make up the one big annoyance that is iOS start to drive me crazy. Because I want the people I communicate with most to have secure communications with me. By default.

If Google's not going to give me encrypted messages by default, so be it. And I'll still grumble (loudly) about Apple's iMessage lock-in. If Apple really wants to make messaging more secure, it should do so for everyone. Not just those who buy its hardware. (Hell, charge me for off-iOS iMessage on Android, then. I'll pay it.)

But making my family bounce between additional encrypted messaging apps — or making my friends fall back to insecure SMS — was starting to make me feel like I was forcing them to get an extra flu shot just because I didn't like the proprietary gloves being worn by the docs they'd been seeing. At some point it's not about me.

And at some point Google has to put on the damn gloves.

Phil Nickinson