I have a Pixel 10 Pro XL phone running the stock OS. Has anyone has been able to figure out if backups of the phone using the backup setting (provided by Google) allow for media sent in RCS chats in Google Messages (Photos, Videos, and Files) to be encrypted using your phone’s screen lock. I have searched and searched for an answer on this and I cannot seem to find one. Google’s documentation on this is not very good, here is what they say: “Some data is further encrypted with your device’s screen lock. Photos and videos in Google Photos, and MMS media received from your carrier aren’t encrypted by your device’s screen lock.” Android Backup Documentation
Hi, please check this answer from the pixel community: Google pixel backup e2ee? - Google Pixel Community . I hope that helps.
Thank you for the link. Unfortunately, I haven’t had good luck with the Google Help Communities in the past. Since it’s entirely volunteer-run, the answers often lean toward generic or automated responses rather than the deep technical insights required for security questions.
Either way, I believe this is an important question for the privacy community to have a definitive answer to: When backup is enabled in Android settings, what exactly is sent to Google’s servers and genuinely protected by client-side encryption (via screen lock)? Specifically, are the media attachments (files, videos, and photos) sent and received in RCS messages protected by this client-side encryption during the backup process?
If anyone is able to get a solid, sourced answer to this question, I will donate $20.00 to Privacy Guides and post proof of my donation in this thread as a thank you for the help.
I would treat it as not protected by the screen-lock layer unless Google says that exact RCS media type is included. Their wording carves out Photos/Google Photos and carrier MMS media, but it does not clearly say “RCS attachments are client-side encrypted with your lock screen.” For a conservative setup, I’d avoid relying on Android cloud backup for sensitive message media and keep important files in an app/service where the backup encryption model is explicit.
That is a very fair point, and I completely agree, however, part of what makes me hold onto the possibility that RCS attachments might actually be client-side encrypted is precisely how Google worded their exclusion. They explicitly went out of their way to carve out MMS media and Google Photos as not being encrypted by the screen lock. The fact that they specifically name the legacy MMS protocol, but completely leave out RCS media despite RCS being their flagship messaging standard is what catches my attention.
I absolutely understand that Google’s vagueness here should be a cause for suspicion rather than optimism. That said, I still think this is an incredibly important detail worthy of further investigation. Millions of Android users rely on this native cloud backup service. When you set up a new Pixel and are prompted to turn on backup, it’s heavily implied that your screen lock encryption is liberally applied to your personal data. If it turns out that RCS media is being backed up without that client-side encryption layer, that is a massive privacy blind spot for the average user.
Please check also this: E2EE backup Google
App’s data are apparently CSE encrypted with screen password if the developer follows the mentioned Google guidelines, at least on google Pixel. Nonetheless,as far as photos and files backup, Google says it is encrypted at rest and in transit, no e2ee
As far as RCS, please check this: How Signal, WhatsApp, Apple, and Google Handle Encrypted Chat Backups | Electronic Frontier Foundation
I did read that thread before posting mine, it does not really answer my question, in fact, some of the last post are about RCS messages being encrypted without evidence to support what part of RCS messages are encrypted. Ok well what about files, pictures, and videos of RCS conversations?
I wanted to follow up on the EFF article regarding RCS backups, because something isn’t adding up.
The EFF states that the text of RCS messages is encrypted in Android backups. However, their source for this claim is the exact same Google Support page that I linked at the beginning of this thread.
If you look at that Google support page, it actually says nothing about RCS. The only relevant line is: “MMS media received from your carrier aren’t encrypted by your device’s screen lock.”
Since MMS media and RCS media are completely different protocols, why would Google specifically carve out MMS media as being unencrypted by the screen lock, but completely ignore RCS?
This leads me to two possible conclusions:
-
RCS media is protected by the screen lock in backups. Google only mentioned MMS because it is the exception to the rule.
-
Google’s documentation is just vague and poorly written. The privacy community should rightfully be skeptical of vagueness. You would think Google would want to proudly boast about the specific things that are secured by the screen lock. It’s entirely possible the support team just didn’t write a comprehensive article.
I find myself going back and forth on what exactly to take away from this vagueness. Do you see where I am coming from here?
I understand some might refer me back to the EFF article to settle this, but honestly, I think the EFF made a leap here. I love the EFF, but when the primary source they cite doesn’t actually align with the claims in their article, it makes me doubt their conclusion. It seems like they stated something without knowing the full specifics of the situation or doing comprehensive research on how Google handles RCS in backups.
Curious to hear what you all think.