@[email protected] If you can view your iMessage messages on the web it means that Apple has your encryption keys. That would entirely defeat end to end encryption. And when a government agency comes to Apple to get a copy of your messages, they would have to surrender them, something they cannot do today.
@[email protected] No, that's not correct. It seems you have gotten some misinformation. See the following for a recent implementation:
https://tjthinakaran.blog/wp-content/uploads/2024/04/Beeper-attachment-3-28-24.pdf
@shac @winterschon A convenience bonus for Google and perhaps a reason to dislike iOS. How does WhatsApp web manage to maintain e2e encryption, then?
Webapps generally rely on TLS for data in transit, but full E2EE requires data-at-rest encryption as well.
Since WhatsApp is not a part of the hardware storage at the block level it has no control over anything other than the data it presents to the OS -- which may or may not be encrypted separately.
I don't use whatsapp so I've not looked into that side of its implementation, but here's the NCC audit if that seems appealing to review: https://www.nccgroup.com/media/phzpm0qv/_ncc_group_metaplatforms_e008327_report_2023-11-14_v10.pdf
@[email protected] keep in mind that it isn't always e2e encrypted on Android (not for SMS, and for RCS it depends on the mobile ISP's gateway implementation (if not Jibe) and on the remote devices). So whether this is really a pro instead of a con depends on the point of view.
@[email protected] for sure, and that is a present concern for RCS protocol, which is sorta lenient from the carrier perspective. it comes as only a minor surprise that they (cell phone / telco) wouldn't want to get into the encrypted traffic side of the engineering -- otherwise:
- they would likely argue for a backdoor
- they would likely wedge deep packet inspection provisions
- they never want to do anything for free
- they would bicker amongst themselves and turn it into vaporware
telco cannot be trusted for end-user security, so the implementation of RCS (as you mentioned) really matters quite a lot. My primary annoyance with iOS in this regard is that they've refused to implement AES or TLS or anything else on top of their RCS stack, but at least in this scenario it's usable from a browser regardless.
@[email protected] One reason for “Telcos cannot be trusted” is being forced to assist lawful interceptions. And back in the days when SMS was frequently used on the SS7 protocol via UCP and SMPP, every hop could read everything in plaintext (still today). However, e2ee with vendor pre-generated keys (e.g. iMessage) isn't really better - you can never be sure that an additional key for encryption didn't somehow get created. People may now say use open source and right, this might be better…