143
submitted 11 months ago by ijeff@lemdro.id to c/android@lemdro.id
you are viewing a single comment's thread
view the rest of the comments
[-] Chozo@kbin.social 1 points 11 months ago

Doesn't RCS support E2EE if properly implemented? I seem to recall reading that the spec for RCS supports this, but it's just that carriers won't enable it.

[-] skullgiver@popplesburger.hilciferous.nl 11 points 11 months ago* (last edited 11 months ago)

No, E2EE is not part of any RCS spec yet. Based on news articles, Apple is implementing RCS but will supposedly ask the governing standards bodies to add E2EE to the spec so they can implement it according to the official specifications.

Google has implemented their own E2EE on top of RCS (based on Signal's messaging for one to one conversations, based on MLS for group chats), but they haven't published any specifications for that. It shouldn't be too hard to reverse engineer, but that shouldn't be necessary for any open protocol.

[-] Chozo@kbin.social 5 points 11 months ago

Google has implemented their own E2EE on top of RCS (based on Signal’s messaging for one to one conversations, based on MLS for group chats), but they haven’t published any specifications for that.

Ahh, this must be what I was thinking of, then. Thanks for clarifying!

[-] QuantumEyetanglement@lemdro.id 2 points 11 months ago

https://support.google.com/messages/answer/10262381?hl=en

E2EE White paper (technical specifications) is listed on this site (pdf)

[-] skullgiver@popplesburger.hilciferous.nl 4 points 11 months ago* (last edited 11 months ago)

If you mean this link: that's a high level description of the protocol, but it leaves out important details.

For example, Google uses MLS for group chats, but the document only mentions the Signal protocol. In other words, E2EE for group chats is broken even if you manage to implement the protocol exactly as they describe.

For example, they say the client "registers with the key server" and "uploads the public key parts". What server is that? What protocol do we use? HTTPS POST? Do we use form/multipart? Do we encode the key in PEM or do we submit they bytes directly?

Another example: "Key material, digest, and some metadata are encrypted using the Signal session". Whay do you mean "some"? What algorithm is used to generate the digest?

The document is a nice high level overview, but worthless if you want to implement their protocol. It basically says "we put signal, and send the signal messages over RCS, with out own key servers. Here's how the Signal protocol works". If, for example, Ubuntu Touch would like to implement this into their messenger, they'll need to reverse engineer Google's Messages app, guided by the description in their whitepaper.

[-] QuantumEyetanglement@lemdro.id 1 points 11 months ago

Thanks for this explanation!

this post was submitted on 22 Dec 2023
143 points (95.5% liked)

Android

17668 readers
25 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: !android@lemdro.id


💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.


Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below


Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More


founded 1 year ago
MODERATORS