At least they’re trying? Meanwhile Google has spent 2 decades refusing to release a messenger that encrypts by default because they think they should be able to mine all your personal conversations.
I take that back, they announced encrypted messaging, then never released it, then probably fired the engineer who said it’d be a feature in allo (or whatever their last attempt was).
You are confusing security (no exploits) with privacy (encryption). The iMessage system is really private (no third party not even Apple can read your messages) but traditionally full of security holes (messages once decrypted can harm the rest of your device).
> no third party not even Apple can read your messages
This is not something that can be stated as fact unless 3rd party clients for a service exist. Apple can, with complete honesty, claim that messages are encrypted at rest/in transit all they want, but since they publish the only implementation of the client, they can modify it at any time to expose the messages to them, in any number of ways.
I'm not confusing anything. The entire point of the exploits in question are to BREAK the privacy provided by messenger. Google doesn't provide any in the first place, and actively mines your data. Who needs an exploit when it's never encrypted in the first place?
To further this: you realize NSO isn't selling these exploits to Russian kiddies to steal your bank info, right?
These exploits are used by people like the Saudi Government to uncover a Jeff Bezos affair. They're after politicians/power brokers for the purpose of accessing otherwise secure communications for the purpose of stealing state secrets or blackmail.
It absolutely does, you're exactly one subpoena away from that happening. Then you're at the mercy of Google deciding whether they care more about you or their balance sheet.
No that's not true.
Google just fails miserably at anything social, but almost every chat attempt from them eas encrypted, and now they are pushing RCS, which is also E2EE.
Google started pushing for carriers to use RCS in 2015, and launched it's own app for it in 2019 after that failed to move quickly enough. They didn't start adding E2EE to it until 2020, and it wasn't the default until 2021.
Though it can fall back to SMS in case you don't have data, which isn't E2EE. I'm not sure what the UX flow is like in that case, whether it warns you and asks for permission to send over less secure channel.
I was under the impression that this is a 'proprietary' extension between Google devices, and that there was no RCS-standard-based E2EE:
> The RCS specification defines several types of messages. Our implementation of E2EE uses varying strategies for encrypting each type of message to maximize user privacy while still adhering to the RCS specification.
How is that related? Encryption doesn’t really protect against malicious payloads being sent. Quiet the opposite actually as they can’t be scanned / stripped on the server.
iMessage or android messages? iMessage is E2E by default, unless one or more parties own multiple apple devices, in which case apple stores an encryption key on iCloud and maintains E2EE connections with every connected Apple device. This changes if you turn on Advanced data protection-- then iCloud no longer has the ability to decrypt messages. Somewhat unrelated but ADP is off by default as most customers do not want or need this.
Android Messages, the competitor to iMessage. The parent claimed that Google resists encrypting anything so they can mine your data. I was merely trying to ask for accuracy. I don't know the technical aspects of every Google messaging app but as the other responses in the thread confirm, Messages is end to end encrypted by default for non-SMS messages.
I just checked and Google does have a Messages app, different from the Messages app on my phone, probably by Samsung, which deals with SMSes. According to Play it has 1B+ downloads so it's probably preinstalled.
Anyway, the competitor of iMessage and Messages is WhatsApp. Nobody is sending me SMSes except banks so even iPhone users use WhatsApp to send messages to friends and to groups in my country. If somebody would insist using only iMessage they would be out of the loop. And about Messages, well, I don't have that app, I receive no SMSes, I still communicate with everybody so I guess that nobody uses Messages too.
iMessage is E2E even without ADP, even with groups and multiple devices. The details are complex, but they are publicly documented here[1]:
The issue (I think) you are referring to is that if you enable iCloud backup[2] or iCloud for Messages[3] (both of which move effectively move the storage of the messages to the cloud, either as part of the device backup or as the canonical representation that devices sync from respectively) then the messages decoded on device will be stored in blobs that iCloud has the keys to unless you enable Advanced Data Protection.
That would be probably 100% of the iOS users that I know, including my entire family. Everyone's got an iPhone, iPad, Apple Watch, Macbook etc. It's such a nice ecosystem, so it's hard not to get hooked.
I take that back, they announced encrypted messaging, then never released it, then probably fired the engineer who said it’d be a feature in allo (or whatever their last attempt was).