I have no insider knowledge here, but Google tried to go the high route of working with carriers for years before giving up on their intransigence.
I suspect that Google's RCS is proprietary as a blunt instrument to prevent carriers from trying to either (a) undermine e2ee in some weaselly way or (b) have the ability to pick and choose the pieces of the implementation they want to support. You either get the whole thing, with e2ee that you don't control, or nothing.
Sadly the lesson from Google, Apple, and WhatsApp here appears to be "cooperating with telecom carriers is a fool's errand".
Google had the opportunity to own this space a decade ago when they made Hangouts the default SMS client on Android. It's exactly what Apple did with iMessage, but Hangouts was cross-platform.
It's absolutely bizarre to me they didn't iterate on that. I'm kind of glad they didn't.
On the flipside, Hangouts being sunset is the main reason I eventually left the Android ecosystem. Hangouts on a Pixel phone on Google Fi service was excellent for an SMS app. Feeling snubbed by the life getting choked out of Hangouts, I'm no longer a user of all 3.
Yeah, it really is the poster child for Google not being able to innovate in its modern form.
What's really changed about their core products in the last 10 years (maps, mail, ads, YouTube, docs/gsuite)? Some of them have gotten some nice QoL improvements, but nothing has really been added to that list because they keep killing products off.
I'd much rather have had iMessage only open up interoperability with E2EE platforms like Signal or even WhatsApp (because Facebook is somehow the lesser evil in this corner of the privacy world).
In theory, E2EE is good until someone you are messaging turns on iCloud backup of messages you sent and now law enforcement can force Apple to give them your iCloud backup - with iMessage
There’s always a risk that someone you’re sending a message to has been compromised but most of us are never at risk from that, as opposed to things like dragnet data collection or server breaches. E2EE is solving the problems it’s designed to solve, so it’s not a problem that things out of scope are more complicated.
They are encrypted, but (by default) the key is escrowed for recovery by Apple support, which LE can request just as well as the account owner (or other parties with judge decree, such as surviving relatives).
And this is, honestly, a pretty reasonable default. For the average person, the failure mode is "I lost my phone, and I can't remember my iCloud password", not "I really need the cops to not be able to get into my backup", and they'd be super pissed off if Apple couldn't get them their data back. Having good security be available, but not the default, and requiring you to acknowledge the risks is a sensible trade-off for the customer service problems it might cause.
I kinda agree with you, but I think there's also a reasonable argument to be made around the idea that a user might be super pissed off that Apple made the default be not secure against state actors.
Also, how many people actually care all that much about their message history? I know I do (and I have 1GB of SMS/MMS/RCS message history dating back to 2010 that I back up to GDrive nightly), but it seems to me that most people don't care about their message history that much?
The nice thing is that there is now an advertised set of features to protect against state actors in the form of Advanced Data Protection, Lockdown mode and (soon) iMessage Contact Key Verification.
These all have significant usability impacts; I think Apple still has the correct defaults.
Finally, my understanding is that recovery keys are escrowed in a HSM separate from cloud hosting, and releasing an escrowed key is an audited event. My concern is mostly about actors accessing my data or surveilling me without transparency, as that gives no chance for accountability.
I'll grant that what people really care about is their backed up photos, and there's nothing stopping Apple from having separate security strategies there.
That said, I suspect that there's more people out there who're going to lose their text history with their dead parent and be distraught over that, than who're going to be actively upset that the state can subpoena their messages.
As opposed to the same someone just going to the police and showing them your messaging? Or getting caught and forced to open it? Or being an idiot and sending a screenshot of it to Facebook?
The issue you describe is just not an attack vector that is in any way relevant; if you can’t trust the other side, every hope is already lost.
This is just me but I’m less bothered by Big Brother than I am by little brother.
I don’t worry (very much) that law enforcement will read my messages but I do worry that advertisers, insurance cartels, spam marketeers, bookmakers or price gougers will.
Sure, but in practice, everyone's RCS is currently E2EE since everyone uses Google's client and Google's server.
This should change, certainly! Hopefully Apple will force Google to open up their implementation and protocol for E2EE so they can build a compatible implementation.
Maybe. The challenge with E2EE is how to resolve an email address or phone number to the authoritative public key and networking route, securely. If we wind up with multiple authoritative sources of that mapping, each one has the potential to lie and become an avenue for surveillance. That's ignoring for the moment lesser issues, such as privacy issues with leaked metadata in querying these sources.
Things like Key Transparency in the IETF are tackling some of this, in the sense that they'll provide public evidence of tampering.
I don't suspect what Google has implemented for their own client/server setup gets us close to a multi-party solution within RCS Universal Profile.
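Added example, not part of the thread and not the IETF Key Transparency protocol or any vendor's code: a simplified Merkle-tree key directory showing how a directory that serves a substituted key is left with "public evidence of tampering". The tree layout follows the RFC 6962 style; signed tree heads and the gossip channel are omitted, and all function names, addresses and keys are constructed for illustration.

```python
import hashlib

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(identifier: str, pubkey: bytes) -> bytes:
    ident = identifier.encode()
    # 0x00 = leaf, 0x01 = interior node; length prefix keeps the binding unambiguous
    return _h(b"\x00" + len(ident).to_bytes(2, "big") + ident + pubkey)

def _split(n: int) -> int:
    return 1 << ((n - 1).bit_length() - 1)  # largest power of two below n

def root(leaves):
    if len(leaves) == 1:
        return leaves[0]
    k = _split(len(leaves))
    return _h(b"\x01" + root(leaves[:k]) + root(leaves[k:]))

def prove(leaves, i):
    """Sibling hashes from leaf i up to the root."""
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if i < k:
        return prove(leaves[:k], i) + [("R", root(leaves[k:]))]
    return prove(leaves[k:], i - k) + [("L", root(leaves[:k]))]

def verify(leaf, proof, head):
    node = leaf
    for side, sib in proof:
        node = _h(b"\x01" + (sib + node if side == "L" else node + sib))
    return node == head

def lookup(directory, identifier):
    """Directory's answer to a lookup: (key, inclusion proof, tree head)."""
    ids = sorted(directory)
    leaves = [leaf_hash(i, directory[i]) for i in ids]
    return directory[identifier], prove(leaves, ids.index(identifier)), root(leaves)

def check_lookup(identifier, key, proof, head, gossiped_head):
    if not verify(leaf_hash(identifier, key), proof, head):
        return "bad-proof"    # key is not in the tree the directory claims
    if head != gossiped_head:
        return "split-view"   # the two heads together are the public evidence
    return "ok"

# Constructed sample data, not real keys or addresses.
HONEST = {"alice@example.org": b"alice-key", "bob@example.org": b"bob-key",
          "carol@example.org": b"carol-key"}
FORKED = {**HONEST, "alice@example.org": b"interceptor-key"}
```

Here `gossiped_head` stands for the tree head that the key owner and independent auditors see; a directory can only make a substituted key verify by showing the victim a different head, and that mismatch is what other parties can detect.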