Chat is Google's next attempt at messaging on Android

[THeEmpire.01]

Remember guys that this isn't actually another app that Google is making, this is a new "feature" to the standard messaging app on Android. Also in the topic of encryption, Google's decision to use RCS in a non-encrypted way is quite scary and not exactly a positive for Google. Especially when Apple's iMessage does have a form of end to end encryption.

[AlTech]

People still use SMS? lol.

 

2 hours ago, LAwLz said:

I have no idea why people are reacting the way they are doing.

The way I look at it, this is just Google pushing to get SMS replaced. SMS as a standard is pretty shit and need to be replaced. I don't see this competing with messaging apps like WhatsApp or iMessage.

And while WhatsApp and iMessage has already replaced SMS for a lot of people, SMS is still pretty widely used.

Yeah, i've totally stopped using SMS entirely.
 

Now I need to convince everyone who has me on WhatsApp to move to Signal .

[79wjd]

27 minutes ago, AluminiumTech said:

People still use SMS? lol.

 

Yeah, i've totally stopped using SMS entirely.
 

Now I need to convince everyone who has me on WhatsApp to move to Signal .

I still use SMS with anyone who doesn't have an iPhone (with one exception who refuses to use the stock messaging app on Android and so I have to use signal with him). I'm really just not interested in having to use multiple Messengers. Luckily for me, the people I actually talk to frequently all have iMessage.

[paddy-stone]

So google is truly "Hooli" ?

 

[Doobeedoo]

This could be good. Hopefully it doesn't crash and burn. 

[Sniperfox47]

1 hour ago, THeEmpire.01 said:

Google's decision to use RCS in a non-encrypted way is quite scary and not exactly a positive for Google. Especially when Apple's iMessage does have a form of end to end encryption.

Umm RCS is encrypted by default as part of the standard. I'm not sure where you get the impression it's unencrypted...

 

Apple's end to end encryption may not be quite as totally broken as Telegram and WhatsApp but it's still not perfect by any means.

 

Unlike Facebook with WhatsApp, at least Google is up front with you about the fact that they can decrypt every message you send through Jibe (their RCS service). It's no different from Skype, Discord, or any of the other basic messengers, and at least it's not trying to inspire a false sense of security like WhatsApp and Telegram do.

[The Benjamins]

Is this supported by Fi, can I replace Hangouts with this?

[Sniperfox47]

18 minutes ago, The Benjamins said:

Is this supported by Fi, can I replace Hangouts with this?

Not currently officially. If they launch with the other US and Canadian carriers at IO like I'd expect then they'll probably launch on Fi at the same time. Currently it's not supported by all of the Fi backend carriers.

[The Benjamins]

3 minutes ago, Sniperfox47 said:

Not currently officially. If they launch with the other US and Canadian carriers at IO like I'd expect then they'll probably launch on Fi at the same time. Currently it's not supported by all of the Fi backend carriers.

My phone only connects to T-Mobile or Sprint which are both supported.

 

also when is this going to be implemented?

[Sniperfox47]

12 minutes ago, The Benjamins said:

My phone only connects to T-Mobile or Sprint which are both supported.

 

also when is this going to be implemented?

It's already implimented. If you're on T-Mobile or Sprint directly then it's worked for months now. If you're  on Rogers in Canada the same.

 

It just requires your carrier to support it at this point, which means no Fi until *all* Fi backbone carriers plus Fi themselves support it.

 

As I posted above, that should be "Q1 or Q2" this year for all major Canadian and American carriers other than Telus, according to Google's RCS team (Jibe) who are working with carriers on implimenting it.

 

Edit: correction, not just Months. Almost a full year. Messenger has supported The GSMA's Universal RCS Profile since May of 2017.

[bcredeur97]

I really would like something comparable to iMessage to be default across the globe.

I hate SMS now. It just feels ancient.

[LAwLz]

1 hour ago, Sniperfox47 said:

Apple's end to end encryption may not be quite as totally broken as Telegram and WhatsApp but it's still not perfect by any means.

What do you mean when you say Telegram and WhatsApp's encryption is "totally broken"?

[yian88]

Please dont use this or any app coming from untrusted companies like google facebuk, msoft etc. Dont install it dont use it, promote against it, nothing this companies do is secure they collect everything and if its free you are the product.

 

[Sniperfox47]

1 hour ago, LAwLz said:

What do you mean when you say Telegram and WhatsApp's encryption is "totally broken"?

WhatsApp moreso since they can push specific new encryption keys remotely and have your device retransmit messages with the new key, allowing them to read any message between the two users regardless of the "end to end encryption" nature of the connection.

 

With Telegram it's more a matter of they rolled their own solution that's provably not fully secure, even if no known exploitable vulnerabilities have been found yet. IND-CCA is one such attack that works on MTProto from a theoretical standpoint and there are likely others.

[LAwLz]

1 hour ago, Sniperfox47 said:

WhatsApp moreso since they can push specific new encryption keys remotely and have your device retransmit messages with the new key, allowing them to read any message between the two users regardless of the "end to end encryption" nature of the connection.

1) You're oversimplifying and overdramatizing the attack.

2) That is a minor issue which most certainly does not warrant calling it "totally broken".

 

Did you by any change read the Guardian article about it? Because that article was full of misinformation and overdramatization.

 

The attack is incredibly hard to pull off (they have to change the recipients key after the sending as clicked send, but before the message has reached the server which is probably like a 1-2 second window in normal cases).

They don't know when this window will appear.

The sender can be alerted by the attack.

If everyone goes extremely well, they will see a message or two and that's about it.

[Bigbootyjudy]

This seems really similar in design to facebook messenger which I really like. I personally only trust Google a little with this ap since it doesn't have a major form of encryption.

[THeEmpire.01]

5 hours ago, Sniperfox47 said:

Umm RCS is encrypted by default as part of the standard. I'm not sure where you get the impression it's unencrypted...

 

Apple's end to end encryption may not be quite as totally broken as Telegram and WhatsApp but it's still not perfect by any means.

 

Unlike Facebook with WhatsApp, at least Google is up front with you about the fact that they can decrypt every message you send through Jibe (their RCS service). It's no different from Skype, Discord, or any of the other basic messengers, and at least it's not trying to inspire a false sense of security like WhatsApp and Telegram do.

Directly from The Verge article —>

 

 But, like SMS, Chat won’t be end-to-end encrypted, and it will follow the same legal intercept standards. In other words: it won’t be as secure as iMessage or Signal.

 

 

 

The worse news is that carriers aren’t fond of strong encryption and don’t have a great history of pushing back against government demands for information.

”RCS continues to be a carrier-owned service, so legal intercept and other laws that exist that allow carriers to have access to the data continues to be the case,” Sabharwal admits. And though Google isn’t shutting down Allo, it’s also not working to create a chat service that is as secure as iMessage, Signal, or even Telegram. “At this point, the answer is no. We will not have that option,” 

 

 

This is what I was referring to and you have a valid point. 

[Tech Enthusiast]

Funny to read all the "omg, company x can read my text!".

No one cares about your texts, seriously. No one.

 

On topic:

I doubt it will be as nice as WhatsApp is, so i doubt it will make a big dent in germany.

I mean, seriously, i have yet to see a single person in germany not using whatsapp. It is basically the default app on every phone, because you can text everyone and don't have to pay for sms, or install any other apps. Kinda reached the "one app to rule them all" standard here.

[aezakmi]

Quote

Rich Communication Services (RCS), the new standard that’s meant to supplant SMS

Anyone knows when this is gonna happen? my phone has only SMS and if they decide to kill it, well, I'm really f*cked and I ain't getting a $600 new phone just for a new messaging protocol

[raphidy]

I just don't care, I text my friends with sms and FB messenger for anyone I know.

[Sniperfox47]

1 hour ago, THeEmpire.01 said:

Directly from The Verge article —>

 

 But, like SMS, Chat won’t be end-to-end encrypted, and it will follow the same legal intercept standards. In other words: it won’t be as secure as iMessage or Signal.

 

 

 

The worse news is that carriers aren’t fond of strong encryption and don’t have a great history of pushing back against government demands for information.

”RCS continues to be a carrier-owned service, so legal intercept and other laws that exist that allow carriers to have access to the data continues to be the case,” Sabharwal admits. And though Google isn’t shutting down Allo, it’s also not working to create a chat service that is as secure as iMessage, Signal, or even Telegram. “At this point, the answer is no. We will not have that option,” 

 

 

This is what I was referring to and you have a valid point. 

RCS is not end-to-end encrypted... correct... that doesn't mean it's unencrypted >.>

 

SMS is sent to your carrier as plain text. RCS is sent to the RCS service (Jibe, not your carrier) encrypted.

 

And afaik the Jibe RCS platform allows carriers to see the size of the message for monotization purposes but not the message itself. If anyone can give me evidence to the contrary I'll happily recant that, but the last I heard, the Jibe cloud platform handles all of that in the background and doesn't expose it to carriers themselves.

 

2 hours ago, LAwLz said:

1) You're oversimplifying and overdramatizing the attack.

2) That is a minor issue which most certainly does not warrant calling it "totally broken".

 

Did you by any change read the Guardian article about it? Because that article was full of misinformation and overdramatization.

 

The attack is incredibly hard to pull off (they have to change the recipients key after the sending as clicked send, but before the message has reached the server which is probably like a 1-2 second window in normal cases).

They don't know when this window will appear.

The sender can be alerted by the attack.

If everyone goes extremely well, they will see a message or two and that's about it.

If encryption can be overcome in a way that is more effective than brute forcing it, it absolutely is totally broken.

 

And all of the limitations you just listed are only true if the attacker is a third party, not if the attacker is Facebook themselves... Which defending against is literally the whole point of end-to-end encryption rather than to-server encryption... Which is what my earlier comment was about. WhatsApp gives a false sense of security to users by claiming to be end-to-end encrypted when in reality Facebook themselves can force a keychange in the background.

And as far as notifications on key-change go, how far are you willing to trust a company like Facebook to not have a bypass for the notification generation? >.>

 

P.S. Facebook's official response on the subject was "That's not expected behavior." That's not a 'We'll fix that!', it's a generic platitude on a security related topic.

[LAwLz]

37 minutes ago, Rattenmann said:

Funny to read all the "omg, company x can read my text!".

No one cares about your texts, seriously. No one.

Yes they do.

 

 

12 minutes ago, Sniperfox47 said:

If encryption can be overcome in a way that is more effective than brute forcing it, it absolutely is totally broken.

That is a terrible definition of "totally broken encryption".

By that definition, AES is totally broken too. Almost all protocols are.

 

13 minutes ago, Sniperfox47 said:

And all of the limitations you just listed are only true if the attacker is a third party, not if the attacker is Facebook themselves...

No they aren't. All the limitations I mentioned are controlled by the clients. Of course, you could claim that the WhatsApp client is compromised and I can't really argue against that since it's closed source.

 

19 minutes ago, Sniperfox47 said:

WhatsApp gives a false sense of security to users by claiming to be end-to-end encrypted when in reality Facebook themselves can force a keychange in the background.

[Citation Needed]

 

20 minutes ago, Sniperfox47 said:

P.S. Facebook's official response on the subject was "That's not expected behavior." That's not a 'We'll fix that!', it's a generic platitude on a security related topic.

[Citation Needed]

Also, I am fairly sure that is the expected behavior, and it makes sense for it to behave that way.

[TheKDub]

13 hours ago, MrDynamicMan said:

whatsapp does most of those things.

Except it's a child of Facebook.

[Zodiark1593]

12 hours ago, djdwosk97 said:

I still use SMS with anyone who doesn't have an iPhone (with one exception who refuses to use the stock messaging app on Android and so I have to use signal with him). I'm really just not interested in having to use multiple Messengers. Luckily for me, the people I actually talk to frequently all have iMessage.

I'm kind of in the opposite boat here. Everyone I talk to with any regularity has iMessanger, but I use Android. Kind of a real thorn when I only have wifi to send messages with as no one has a reason to use any other messanging app. Eventually settled on using Google Voice for SMS when I'm at the gym (no cell signal, but free wifi) and just updated everyone's address books with my "other" number.

[DeScruff]

Ok so I was super late to the whole "owning a smartphone" thing, and honestly don't talk to people much using my phone...
So can someone please explain what is the purpose of these messing apps? Cause to me they seem like more of an inconvenience,  since it requires both parties to have said app, of which there is a million and a half of them for as I can see almost no reason.
If SMS was getting long in the tooth it seems like it makes more sense to do what Google seems to be doing here? and trying to get a new standard up and running that mutliple apps I imagine would use.