Nov. 19, 2020
Today Google announced that it is beginning to roll out end-to-end encryption for beta users of the Google Messages app. At the outset this feature will only be available in one-on-one conversations between beta users, which will amount to a small subset of total messages. However, while the initial rollout will only reach this small subset of Android users, this is an important—though long overdue—first step toward Google’s plan to encrypt all messages by default.
Why is default end-to-end encrypted messaging important? The ability for two or more users to communicate securely is crucial to the protection of privacy and security. End-to-end encryption, the gold standard for messaging security, allows users to chat with friends and family; confer with colleagues; and communicate with medical professionals or other contacts where messages might be extra-sensitive. This is especially important because the current global pandemic means that many more conversations cannot take place in person. Encryption ensures that these messages are safe from interception by hackers and cybercriminals, and provides confidence that the only person who can read a message is the one you meant to send it to. Integrating this functionality into a tool that Android phone users already use everyday means that people don’t have to turn to messaging apps that might be less user-friendly, or commit to third-party platforms that only some of their contacts might use.
Other messaging services have been encrypted by default for years. These include Apple’s iMessage, which implemented default encryption in 2014; WhatsApp (now owned by Facebook) which implemented encryption in 2012 and end-to-end encryption in 2016; and Signal, the successor to previous encrypted apps TextSecure and RedPhone. Offering end-to-end encryption by default makes it easier to use, increasing the likelihood that people will benefit from this protection. Google taking this step also means that, in the long run, millions of people around the world will benefit from encryption without having to do anything they aren’t doing already.
In addition to the general benefits of more widely available secure messaging, the technical way that Google is implementing this change is interesting. Google Messages is built to use the Rich Communication Services (RCS) protocol, a replacement for SMS/MMS, the technology currently used for text messages. Even though it has gained adoption by mobile providers in recent years, RCS is still unevenly supported. In an effort to force its adoption, Google operates its own RCS network that is available to Messages users who may not have coverage from their mobile provider. A lack of end-to-end encryption has been a longstanding critique of RCS. When these end-to-end features are fully rolled out, any Messages user who has RCS available (either from their mobile provider or through Google) will have their one-on-one messages with any other Messages user (with RCS) automatically end-to-end encrypted. While this does not address concerns that encryption is not a core part of RCS, this announcement certainly shows encrypted messaging systems can be built on top of RCS.
The end-to-end encryption that Google is implementing will use the open source Signal protocol, which powers the eponymous Signal app and is widely considered to be an industry standard for message encryption. The Signal protocol has been widely reviewed by experts, and is already at the core of several messaging services, like WhatsApp.
The introduction of end-to-end encryption to Google Messages will likely generate questions around implementation details. Security experts will be interested in Google's approach to "key management," which is a core component to most cryptographic schemes. Keys are digital files that contain the numbers used in the math of cryptography. The ways in which an app generates, deletes, stores, shares, or makes decisions about which key to trust, are design choices that can affect the security and privacy guarantees of the app. Finding the balance between hiding the complexity of those decisions and showing enough information for people to understand what is happening is tough, and it will be interesting to see how Google has chosen to balance these considerations.
Although this is a welcome announcement from Google, it is disappointing that it took the company this long to begin introducing end-to-end encryption by default. Google Messages’ availability across many different manufacturers’ mobile phones makes it accessible in a way that Apple’s iMessage—which limits encryption to users of Apple devices communicating with other users of Apple devices—is not. It is also disappointing that, for now, group texts are not covered. Encrypted group texting is something that third-party tools like WhatsApp are able to provide. To be fair, encrypted group chat is known to be a "hard problem" for cryptography, and there isn’t an accepted standard way to do it. Given that complexity, this is a reasonable first step.
As of now, most users cannot rely on their Google Messages being encrypted by default. Only a small subset of total messages are, but that proportion will hopefully increase soon. End-to-end encrypted messaging is essential to protecting the privacy and security of everyone who communicates using Android devices. We welcome this important step Google is taking to expand the number of users who will benefit from end-to-end encrypted communications, and urge them to make the feature more widely available as soon as possible.