Google Messages Are Not Always Encrypted
Google doesn’t have the best track record on user privacy, but it’s getting better. The messaging app Google Messages now comes pre-installed on most new Android devices and advertises its conversations as end-to-end encrypted. The way Google advertises its app, you might think that using it means all your chats with friends, family, and colleagues are protected. But that’s not true.
Some Google Messages chats are end-to-end encrypted.
It’s not that Google is outright lying here. Under certain circumstances, your conversations through Google Messages are fully encrypted, meaning only you and other chat participants can read the contents of sent messages.
This is made possible by a messaging protocol called RCS (Rich Communication Services). RCS has many advantages over the legacy SMS messaging protocol (typing indicators, high-resolution photo and video sharing, improved support for group chats, etc.), but the key benefit for our purposes is end-to-end encryption. When you send an RCS message from your phone to another phone using RCS in a way that supports end-to-end encryption, the message is “encrypted” and appears incomprehensible to anyone who intercepts it. To decrypt it, you need access to the “key”, which for messaging is one of the devices involved in the chat. RCS messages appear in dark blue, as opposed to light blue SMS messages.
So someone who has Google Messages sends a message to another person also using Google Messages can take advantage of this encryption and not have to worry about their messages being intercepted or otherwise compromised. This also happens automatically if both parties support encryption: Whenever your chats are fully encrypted, you’ll see a small padlock icon on the send button and next to the timestamp.
However, in all other cases, such encryption is not supported and therefore your messages are not secure.
When Google messages are not end-to-end encrypted
Remember that there are two key components to ensuring these messages are end-to-end encrypted: messages must be sent via RCS, and all parties must use Google Messages. Unfortunately, there are many situations where one or both of these requirements are not met.
Let’s stick to Android for a second. Google Messages may be the default messaging app installed on most new Android devices, but it’s far from the only option available, even if Verizon and AT&T have disabled their messaging apps. Let’s say you use Google Messages on your phone and your friend uses Samsung Messages. Any chats between you are no longer end-to-end encrypted. The same thing happens if they use the popular Textra SMS app on their end: everything but Google Messages, and you will no longer have access to end-to-end encrypted messaging when you use Google Messages yourself.
The same applies to messaging with iPhone users . Starting with iOS 18, iOS supports RCS, which means messaging between Google Messages on Android and Messages on iPhone is encrypted. But no: it’s still RCS, but there’s no end-to-end encryption. You get other benefits of RCS, like pop-up messages and working group chats (thank goodness), but the messages are still not secure.
Google needs to clarify how its messaging platform handles encryption
John Gruber of Daring Fireball recently highlighted this issue on his blog , expressing frustration with Google for its misleading security claims. Indeed, when you go to the Google Messages Play Store page , the second image says: “Conversations are end-to-end encrypted.” Gruber notes that the accurate statement would be, “Some conversations are end-to-end encrypted,” and that this would naturally prompt customers to ask, “Well, what are those conversations?” Google probably wants to make things easier, knowing that many Google Messages users will be messaging other Google Messages users using RCS. But the fact that there are so many situations in which this is not the case means that people will assume that their messages are encrypted when in fact they are not.
The app description is a little clearer: “Privacy matters: Rest easy knowing that your private chats are protected by end-to-end encryption between Google Messages users , so no one (including Google and third parties) can read or view your messages and attachments. except the person you are sending the message to. Plus, enjoy enhanced anti-spam protection.” But even here, Google doesn’t say that all participants must use RCS, and if they’re using an older version of Google Messages, they may not have the option of end-to-end encryption, making the conversation less secure.
This doesn’t mean you should avoid Google messages entirely. Many of your Android friends probably use it, so your chats may already be encrypted. And the GSM Association, which develops RCS, is working on introducing encryption to RCS on the iPhone . However, if you’re serious about your privacy and have a contact who, for whatever reason, doesn’t support end-to-end encryption of chats through Google Messages, you both can switch to a platform that natively supports this encryption, like Signal. or WhatsApp.