Apple will soon support encrypted RCS messaging with Android users
41 comments
·March 14, 2025oneplane
jeroenhd
The encryption is based on MLS: https://www.rfc-editor.org/rfc/rfc9420.html
I don't think Google wanted to gatekeep their E2EE implementation. They have some generic documentation about how it works: https://www.gstatic.com/messages/papers/messages_e2ee.pdf
The thing about RCS is that no messengers seem to care at all about implementing RCS themselves. Part of that is probably because depending on the carrier, RCS may require access to certain SIM card information, which only pre-installed apps can do, and part of it is that many developers are waiting for Google to add RCS to the same API that SMS/MMS already exposes because they don't want to implement RCS themselves.
Realistically, the target demographic for their documentation is 1) Apple (who they'd happily supply with details to get rid of the green bubble problem) and maybe 2) government officials looking into antitrust concerns. In theory someone working for LineageOS can implement an RCS client, though, but for those developers I don't think reverse engineering the remaining unknowns about the protocol (mostly "what server" and "what message contents") aren't that difficult.
I'm not cryptographer, but I haven't heard any major issues from actual cryptographers about MLS. It's encryption principles seem to be similar to those of Signal. Google is actually already using MLS in their proprietary E2EE implementation.
Ideally, MLS would be combined with MIMI so that messaging apps become interoperable, but that's probably a pipe dream.
acdha
The protocol is open but key exchange is not: even on Android, third-party messengers can’t interoperate with Google Messages. See page 11 of that PDF.
g-b-r
That text seems more a reflection of the fact that only Messages supported it, when the document was written
If they seriously wanted random third parties to implement it, anyhow, they'd have published a specification, not an "overview"
stephenr
I understand your point that the "news" part is that RCS standard now includes E2EE, rather than about Apple's support for said standard.
But I don't think it's fair to suggest or imply that this development is unrelated to Apple either.
RCS has been a thing for nearly a decade, and Google's RCS backend has been doing non-standard E2EE for half that time.
Within 8 months of Apple publicly announcing they would adopt RCS and work with GSMA to support standardised E2EE, there is suddenly a standard for it...
she46BiOmUerPVj
Is there anything that shows "no one was allowed to use it" or was it that it wasn't an accepted standard?
oneplane
Yes, Google only made it available for Google Messages. They don't have an SDK or API you can use to make your own clients or servers. Google also didn't put it up for standards with the GSMA or any other standards body, at least not publicly. There are no records of it.
There are some older submissions here you can probably find using one of the HN search sites about this, but IIRC those didn't really have any internal Google policy about this, they kept it all pretty private. The only 'leak' I remember about this was the thing where manufacturers that preload Google Android have to ship Google Messages to get RCS support from Google, otherwise they can't have it. Also means you can't have RCS without Play Services.
jauntywundrkind
The destruction of third party apps has been totally wild.
I'm very curious how long this OS-coupled status quo is going to go on for.
acdha
Look at Google’s documentation: they explicitly state that only their Messages app is allowed to talk to their key exchange server. The entire marketing campaign they ran about RCS was predicated on nobody reading their docs or noticing all of the Android developers begging for permission to use RCS for years.
https://www.gstatic.com/messages/papers/messages_e2ee.pdf
> E2EE is implemented in the Messages client, so both clients in a conversation must use Messages, otherwise the conversation becomes unencrypted RCS. In rare situations where the conversation starts as E2EE, then one of the clients migrates to a different RCS client or an older Messages client that does not support E2EE, Messages might be unable to detect the change immediately. If the Messages user sends a new message, it’s still E2EE, however the recipient client may render the encrypted base64 payload directly as message content.
throawayonthe
[dead]
alwayslikethis
Unfortunately, RCS on Android requires google apps, so this isn't really a solution to anyone who doesn't want to be tracked by Google everywhere they go.
I'm still a little confused as to what problem RCS is supposed to solve. It is just as centralized as any other chat app, and is a bit more invasive (often requiring device attestation). Is it really worth all this hassle just to not have to install, let's say, Signal?
paulryanrogers
Now that Signal cannot be the SMS / RCS app, yes that's too much hassle. Network effects are too powerful.
codedokode
It is good that commercial messengers forced GSM association to finally create E2EE standards. The reason why telcos want you to use RCS becomes obvious if you calculate how much 1Gb of data costs if sent as SMS (I guess that one could buy a car with this money).
mrweasel
Why was RCS even designed with a none encrypted mode? I get that the original spec isn't exactly new, but it's also not so old that encryption, security or privacy wasn't an issue.
izacus
Encryption and privacy isn't an issue for carriers, which were part of the standard body and operate SMS protocol even in 2025.
You assume everyone has the same goals in mind :)
jeroenhd
It's the evolution of SMS/MMS; development started 18 years ago, in 2007. The modern spec is based on that with a whole bunch of additional revisions for things like video calling and transferring money. It was designed long before major messenger apps had e2ee in the first place.
Had it been designed with the security practices at the time, the protocol would've been ossified to the point of being practically insecure by today's standards. In a sense, the fact nobody cared about it until the spec was old enough to drive is actually good for users.
The GSMA which designs RCS also serves the needs of government agencies that are tracking (international) criminals, so I bet there must have been some pretty strong opposition against E2EE in the official spec. Frankly, I'm surprised they're even putting it in the spec.
nubinetwork
I'm not sure about the case of RCS, but I've seen some instances of a none cipher being better for compression and deduplication, because the encryption messes with the data.
dontlaugh
I assume some sort of multicast.
hagbard_c
You'd normally compress the data before encrypting it as that makes the resulting cyphertext more resilient against cryptanalysis as well as reduces the amount of data which needs to be encrypted so this sounds like a bogus reason.
jayd16
You'd have to compress every single message separately and then encrypt them. That's still a far cry from being able to compress across every message.
nubinetwork
It depends on what you're doing I guess... for storage it doesn't make sense, but for pushing a lot of data over a private pipe, why spend the resources adding a cipher?
g-b-r
This is a risky clause:
> R5-32-5 An RCS client having E2EE enabled shall implement techniques to detect suspicious messages or conversations.
criddell
When an iPhone sends a message to 555-1212, where does the iPhone get the public key for that number?
acdha
Apple runs servers for managing iMessage key exchange, just like Google’s RCS encryption. Both of them use device attestation to restrict access to those servers to their own apps.
ebb_earl_co
This is great in principle. I still prefer Signal as the top-shelf experience of iOS—Android communication.
WorldPeas
Any news on if/when one will be able to send RCS from a program or device outside the monolith?
bebna
Never. It is just a fancy MMS in new disguise. Carriers / patent holders will hold to it forever while praising it as the new best thing.
singpolyma3
You can get access to send MMS though. RCS there is no one selling access yet, especially for person to person.
WorldPeas
It seems people are, but not anyone with a big name: https://jibe.google.com/partners/messaging-partners/ I'm guessing it's provisioned this way. https://developers.google.com/business-communications/rcs-bu...
qrush
Still waiting for Google Fi to turn RCS on for iOS users :(
snowwrestler
Now if only we could get Google to support RCS in Google Voice.
toomuchtodo
It’s really odd they don’t, I’m incredibly curious why.
chneu
GVoice gets forgotten about, I swear.
There are years between updates and then suddenly for like 6 months it'll get a slew of updates, most of which aren't user-facing. Then back to update silence. It's really odd.
I'm still amazed that google hasn't killed it.
the-rc
I always wondered if it's still alive only because Larry or Sergey use it every day.
tengbretson
Still waiting on a non-Google implementation of this so-called standard.
thomascountz
Announcement discussion from 2023:
Apple announces that RCS support is coming to iPhone next year
https://news.ycombinator.com/item?id=38293082
793 points | 709 comments
pityJuke
To be clear, this is a different announcement. That was just RCS, this is encrypted RCS.
cantSpellSober
The big difference:
> The GSM Association announced that the latest RCS standard includes E2EE
> While Apple’s proprietary iMessage system already supported E2EE, this wasn’t extended to RCS messaging because the previous RCS standard didn’t provide cross-platform support
So essentially, it's not really an Apple thing, it's more that the universal RCS profile just didn't have encryption, and Google RCS was a non-standard extension that nobody else was allowed to use.
The real news is the update to GSMA RCS, because without that, none of this matters. What I'm missing in the article is who's going to own the keys and why this is probably going to default to the telcos as if it's MMS. Are they going back to the days of charging per message?
With iMessage you'd be putting your trust in Apple, with Google RCS you'd be putting your trust in Google. For WhatsApp that'd be Meta and for Signal that's Signal. But with GSMA RCS?