Google message and the RCS

Since the SMT thing, I’ve been looking for a new app to replace the infamous GrapheneOS SMS app.

Google Message is the only app (at the moment) that supports RCS and you don’t necessarily need a Google account to use it.

Messages sent by RCS are end-to-end encrypted, so on paper it’s still a good application.
I don’t know how RCS works technically and I’d like to know whether Google collects any data since a Google account isn’t compulsory.

The problem is that it’s Google behind the scenes and I have absolutely no confidence in them.

What do you think, is Google Message an app to use or is it better to stick with a classic SMS app?

Translated with DeepL.com (free version)

No. One day maybe, but today that is a flawed assumption.

Messages sent between two users who are BOTH using RCS via the Google Messages app are E2EE.

At this point in time E2EE is not part of the RCS standard, and you can’t count on RCS beign E2EE. Google to Samsung or Samsung to Samsung RCS will not be E2EE. Afaik, Google Messages is the only RCS client that supports E2EE.

I don’t know how RCS works technically and I’d like to know whether Google collects any data since a Google account isn’t compulsory.

It is highly unlikely that Google is not collecting or processing your metadata at the very least (and possibly the actual content of your unencrypted conversations.

I believe it may also be possible for other intermediaries to see/collect this information in some or most contexts (such as your carrier, the other persons carrier, and the corporations and mass surveillance agencies your carriers share data with (I believe all 3 US carriers sell user data, and all 3 carriers also have a history of close and uncontested cooperation with mass surveillance agencies).

What do you think, is Google Message an app to use or is it better to stick with a classic SMS app?

Its a tough question to answer.

On the one hand you have an untrustworthy closed-source app from an untrustworthy data harvesting company, but at least some % of your conversations would be encrypted (likely less than 1/4 of your conversation in practice).

On the other hand, you could try to find a more trustworthy SMS app, maybe even one that supports RCS, but then you would be giving up E2EE for whatever % of conversations wouldve been Google–>Google.

So it really comes down to choosing the lesser of two evils. Do you want an open source app you can trust that uses a form of communication you can’t trust, or do you want an app you can’t trust from a company you can’t trust but where at least some % of your conversations would be E2EE. What matters most to you?

(and then of course option #3 is iOS and iMessage, which has its own pros/cons)

OK, I get it, whatever happens, it’s Google, you can’t trust it, data is surely being collected.

I’m going to wait for the Simple SMS Fork instead, an open source app that you can trust with a classic protocol is better in my opinion.

You are best off using an encrypted instant messenger instead of carrier-based communication.

Well, forever probably, because RCS as implemented is a Google service that they only allow certain alternative clients for (like Samsung’s).

Not only are you using Google’s clients, but in many cases Google is also running the servers on the back end. Sure, carriers can run their own, but the vast majority (in the United States) do not and instead rely on Google Jibe servers.

This is true, but it’s an important question nonetheless since some amount of SMS/RCS fallback is inevitable.

~70% of my messaging is on Signal, and I’m always trying to boost it higher, but I know it will never be 100%.

That is an important part of it. But that wasn’t the main thing I hoped to convey.

The main thing you should understand with RCS is that at this point in time, even if you use Google Messages with E2EE capability, messages between you and and anyone that is using anything other than Google Messages (so conversations with all iOS users, and most Android users will not be E2EE).

I have little to no trust in Google but they are not the baddest bad guy in this instnace (at least as far as I understand)

On that note Samsung are replacing their application with Google Messages.

and they have a help guide on it:

In this specific case it’s either a case of open source and no E2EE which equals no privacy, or Google’s Messages /w RCS and E2EE for users which also have it, so there is some privacy there.

Open source SMS applications give no privacy on a network where the carrier sees and can do anything with your messages anyway.

Well they give you privacy from Google specifically (nobody else). Not disagreeing with you, just pointing out that the entities collecting this data are different since @Pragmatic was wondering about that aspect.

I’m thinking about it, but in 2024, Apple will make iMessage compatible with RCS.

In terms of privacy, is it better to use Google Message, where messages pass through Google’s servers but are encrypted, or traditional SMS, which is not secure and can be intercepted by anyone/anything?

Most Android phones have Google Message by default, and with Apple supporting it, that adds a modicum of interest to it.

What do you think?

Translated with DeepL.com (free version)

I think that these two statements together sum up both sides of the tradeoff.

1. Using an open source SMS client: may improve your privacy on device at the expense of privacy over the network / in transit
2. Using Google Messages: will improve privacy for some % of your communications over the network / in transit but comes at the expense of having to install an untrusted and untrustworthy closed source app provided to you freely by a tracking company.

How each of us weighs these options will depend on a lot factors that are specific to each of us and our respective threat models and priorities.

Hopefully in the future we won’t have to make this choice, and there will be FOSS privacy-respecting options for RCS.

I use Google Messages because I can sync SMS messages on my PC. And in privacy aspect, I still trust Google more than my carrier. I think I know Google much more than I know my carrier.

I rarely text anyone using this channel, though.