Sometimes timing really is everything, and so it is with a bemusing new twist for iPhone users updating to iOS 18, despite a lack of Apple Intelligence frills but lured by the new thrill of typing ellipses and non-blurry images when texting Androids.
I have already cautioned users (both before and after Apple’s RCS update release) not to switch from the likes of WhatsApp to the iMessage Google Messages RCS combo, given the serious security downside. While both Apple and Google urge their users to end-to-end encrypt wherever possible, including within the separate iMessage and Google Messages walled gardens, this does not yet extend to RCS.
The Washington Post and others have warned that RCS leaves “chats with Android friends still [with] security and other compromises that Apple could have avoided.” Others have pointed to data breaches to reinforce the point, with John Gruber warning in his Daring Fireball newsletter that a recent US telco breach of call and text records “exemplifies why RCS is a terrible protocol that ought not exist, and why it’s a mistake that Apple is adding support for it to iOS 18 this year.”
And so to that twist of timing. Along with many other security writers ands analysts, I have warned for years that the gaping holes in Telegram’s security were a recipe for disaster. Approaching a billion users put such concerns to one side, and yet here we are. Despite always promising otherwise, it now seems that Telegram will betray its users and give up their private data after all.
“We have updated our Terms of Service and Privacy Policy,” the recently imprisoned Telegram founder Pavel Durov suddenly announced on his own channel this week, “ensuring they are consistent across the world. We’ve made it clear that the IP addresses and phone numbers of those who violate our rules can be disclosed to relevant authorities in response to valid legal requests.”
It is difficult to describe just how surprising a change this is—Telegram’s promise to keep all information private was the only defense users had. There are no technical impediments stopping Telegram from sharing almost all user content and metadata. Surprising given past statements, but a blatant risk the minute a cell door was shut on Durov, the autocrat with the keys to Telegram’s entire data kingdom.
While on the surface, IP addresses and phone numbers are the same metadata that can be shared by the likes of WhatsApp, end-to-end encrypted platforms cannot share actual content not can they monitor or screen content to flag users. Telegram can do both those things. What could happen next is the very definition of a slippery slope for Telegram’s billion users. Little surprise then that Ukraine has already banned official use of the app, lest Russia is listening in.
The National Security and Defense Council of Ukraine “decided to limit the use of Telegram in state authorities, military formations, and critical infrastructure,” with Kyrylo Budanov, head of the Ministry of Internal Affairs, citing “substantiated data regarding the availability of Russian special services to the personal correspondence of Telegram users, even deleted messages, as well as their personal data.”
Echoes here of Signal’s warnings earlier this year, with Meredith Whittaker posting that “Telegram is notoriously insecure and routinely cooperates with governments behind the scenes while talking a big game about speech and privacy… Even their limited opt-in (roll their own) encryption is sus. The more you know…”
Again, Telegram’s defense to all such claims has been policy and an assurance it has never and will never disclose user data. But as I have stressed repeatedly, there’s all the difference in the world between won’t (policy) and can’t (encryption).
This security and privacy defense is the very reason Apple and Google—separately—recommend iPhone and Android users rely on end-to-end encryption wherever possible. Not just for messaging, but for anything else as well, where such security is available. With Apple’s Advanced Protection, that’s almost everything. When Apple says “not even Apple” can read messages or access content, it’s concrete.
GSMA—the mobile standards setter—and Google have assured this will be fixed soon, albeit Apple is adding little to its original statement last year, that it would work worth the industry on new standards rather than create a proprietary fix. But that means developing, testing, piloting and then releasing a fully interoperable end-to-end encryption protocol at vast scale, without control of either endpoint.
When you use RCS on Google Messages, it’s essentially all handled within Google’s platform, using RCS as the protocol but wrapping it with Signal’s encryption protocol in a proprietary envelope developed by Google. If you RCS anyone outside Google Messages, on iPhone or Android, that security falls away.
Rather like SMS (but with better albeit not end-to-end security), when you RCS cross-platform, your content can bounce around multiple different infrastructures, including network carriers. It’s not as ludicrously wide open as SMS, but it’s nowhere close to the assurance from end-to-end encryption.
The fix is to expand the core protocol to share crypto keys cross-platform to enable different clients to assure one another of the integrity of the other endpoint and decrypt content. The same functionality needs to work one to one and across groups.
But as one commentator on Security Boulevard noted, “this will be the first deployment of standardized, interoperable messaging encryption between different computing platforms, addressing significant technical challenges such as key federation and cryptographically-enforced group membership.” Unless this is already in test, I wouldn’t be holding my breath, waiting for it to turn up anytime soon.
Per Gruber, “the argument against RCS is strong and simple: it doesn’t support end-to-end encryption. The only new messaging platforms that should gain any traction are those that not only support E2EE, but that require it. Messaging and audio/video calls should only work through E2EE… SMS and traditional telephone voice calls lack any encryption at all, but they’re firmly established. Just like email. But anything new should only be supported if it’s fundamentally based on E2EE.”
Google has confirmed its commitment to accelerating this and I have approached Apple to ask where they stand on RCS, encryption and timing.
Notwithstanding the challenges, if Apple and Google (and if they can’t, no one can) really can now work with GSMA and others to create a genuinely interoperable E2EE protocol that bridges the gap between ecosystems, then it’s a huge step forward. Coming in parallel with WhatsApp’s third-party chat update—broadly replicating the same within its own platform, this will be a huge security boost for users.
The clock, though, is already ticking.
