500 million of you are putting your security at risk…
There’s a serious issue that impacts hundreds of millions of Android Messages users worldwide—one that should have been flagged by the huge backlash that suddenly hit WhatsApp in January. But it wasn’t, it gets surprisingly little attention, even though it puts you and your private information at risk. Here’s what you need to know. Great news for Android Messages users this week—you can now schedule texts to automatically send some time later, which, Google says, “will continue improving the way you communicate and help you stay in touch.” According to Google, “half a billion people across the world use Messages to seamlessly and safely connect with family, friends and others every month.” Seamlessly yes. But safely? Maybe not. From almost nowhere,2021 has seen a belated and welcome focus on the security and privacy—or lack thereof—with the messaging apps we all use daily. WhatsApp has been slammed for the breadth of its data collection and for its back-end links to owner Facebook. Messenger has been outed for various security and privacy infringements. And iMessage has been lauded for further advancements to protect Apple’s userbase. One platform that has seemingly escaped such attention is Google’s Android Messages, which is surprising given those hundreds of millions of users. If you’re an Android user, then this is likely your default. If it’s not, if you’re a Samsung Messages user for example, then read on—for these serious issues impact you in exactly the same way. Android Messages, Samsung Messages and their equivalents are just SMS clients, now being upgraded to Rich Communication Services or RCS—basically SMS for the 21st century. If you’re a regular reader of this column, you’ll know that SMS fails dismally when it comes to securing your data. If you naturally assume that RCS will fix this issue, then think again. RCS out of the box is not that much more secure than SMS. As Google accelerated its RCS rollout in 2019, Germany’s SRLabs warned that upgrading SMS to RCS without a security rethink “exposes most mobile users to hacking,” that RCS provisioning “is badly protected in many networks… allowing hackers to fully take over user accounts.” And Google Messages “does not implement sufficient domain and certificate validation, enabling hackers to intercept and manipulate communication through a DNS spoofing attack.” You probably already have the RCS “chat” update to your Android Messages app, or you may have the functionality on Samsung’s own platform.
