This Is Why You Should Stay Away From Android Messages
3 Aug 2021
Serious security issues impact millions of users worldwide, no matter if they use Apple or Android messaging apps.
In the last blog post we have reviewed the topic of Apple being able to read your iMessages. Now we take a look at Android Messages, an issue that gets little attention, even though it puts private information of half a billion people at risk. Google’s Android Messages boast such a big number of users simply because it's a default option for messaging.
The security threat which impacts Android Messages is related to the switch to Rich Communication Services or RCS, a protocol between mobile telephone carriers and between phone and carrier, which can be considered a modern SMS.
Out Of The Box RCS Is Not So Different From SMS
You probably know that SMS is dismally unfit when it comes to data security.
What you might have missed is that the transition from SMS to RCS without a complete security overhaul can expose most mobile users to hackers, who could overtake their accounts.
That becomes possible because Android Messages do not implement good enough domain and certificate validation, allowing hackers to intercept communication and manipulate it through a DNS spoofing attack. While Android Messages have added end-to-end encryption to its RCS platform, it’s only in beta. You and your contacts have to be enrolled in the beta program to use it. Also Google’s RCS end-to-end encryption only works between two individuals, and only between one device per person.
No RCS security issues were addressed ahead of the launch of end-to-end encryption beta.
Google refuted any concerns by restating that chat features use Transport Layer Security (TLS) for message protection. Although TLS can protect your messages from the basic risks, TLS will not protect your data from Google itself.
So using Android Messages wouldn’t be any different from using other apps, like Facebook Messenger, which reads your messages to track policy violations.
Understanding The Difference Between Security of Various Apps
Advising people to leave WhatsApp for Samsung or Android messages proves to be harmful.
It’s not only about encryption too. Back when Apple started the trend for privacy labels, forcing app developers to disclose all the data collected from users, it became evident that WhatsApp demanded a lot more data than its competition. What about Android Messages?
Even though we can’t see the privacy labels for Android Messages, we can use Gmail to understand Google’s data collection policy better.
It becomes clear that Android Messages collects more personal data than iMessage.
To summarize, when messages travel through the RCS platform, they are encrypted only between Google and your phone. And until they are, Google has the key to that encryption, meaning it can read them. Ironically, WhatsApp is a better option than Android Messages security-wise, because it has end-to-end encryption.
So to make sure that your messages are never exposed to a service provider or any third party, you should choose a secure messenger alternative that offers you end-to-end encryption and doesn't collect more data than it actually needs to provide a service.
Consider StealthTalk as your go-to secure messenger, and try its 30-day free trial today.