Just wondering if such an option is possible on a phone that is totally Google-free or is virtually de-Googled?

  • @jet@hackertalks.com
    link
    fedilink
    English
    12
    edit-2
    3 months ago

    Considering the RCS implementation, at least as I understand it, utilizes Google services. No you’re going to have to deal with Google.

    RCS is not an open protocol for federation.

    That being said, if you want an open app that talks to the Google APIs, but doesn’t run Google code locally on your phone, then there’s probably a path.

    You could always run something like graphene os with sandboxed Google services, completely restrict the network access to the bare minimum to allow RCS to function. At least in one profile

    • @ItsComplicated@sh.itjust.works
      link
      fedilink
      English
      33 months ago

      Please forgive my ignorance, (I am not a tech savvy person). Does this mean once RCS is adopted by Apple, Google services will have to be installed on iPhones? How does that work?

      • rookie_e
        link
        fedilink
        English
        63 months ago

        Oversimplified:

        GSMA created a RCS - that is a protocol. Then they released a “basic spec”- Universal Profile. Anyone who implements this spec can guarantee that their RCS messages will work with anyone else’s messages.

        Some internet providers, network manufacturers, some OEMs implemented Universal Profile (UP here and next) in their systems. And also Google and Microsoft announced they have done Universal Profile too. Check this list of parties that created their own thing, with a UP = they are all working together

        So. At this point in history you have nothing to do with Google. If you want to receive and send RCS, you have a spec to follow and a protocol to use. Everyone else with UP will be able to communicate with you. You can add some nice things above UP, with the understanding that only your clients will enjoy them. Think about it as AOSP (bare android) vs Google’s pixel android vs Samsung’s android vs Xiaomi’s thing. They are independent, but they have some specs to follow, and it is still android behind the doors.

        At some point in time Google said to providers: "Either you are joining the movement and create your own infrastructure with UP spec to work with RCS (and then the “text messages” are still going through your provider, as the SMS do), or we will transfer the messages via our own servers (since you don’t support the protocol to move them through you).

        This was criticized, because GMSA’s RCS protocol does not support e2e encryption. This is ridiculous complain, because SMS are not encrypted and ARE FULLY VISIBLE TO ANYONE including your provider, and a hacker with 100 dollars to spend on SS7 attacks. If you are not a hacker, in our and other countries there is a subscription model for SS7 vulnerability based “hacks”.

        Anyways. Google said ok, and implemented Signal protocol for e2e above RCS. Think again about difference with AOSP android and Pixel android - you can have nice things on top.

        So. Nowadays. There is a Messages app on your phone. If you want to, it will send RCS. Because it is Google’s version, it supports e2e. If your provider has implemented RCS, the message goes through your provider (as the rest of SMS). Most providers don’t bother, so the RCS goes through Google’s servers. Since right now you’re only sending RCs between a Google’s version to a Google’s version, everything is e2e encrypted (and evil google won’t read this tiny bit of your information on top of everything they know about us 😌).

        If Apple implements RCS, the situation will be similar. Apple will use their app to send RCS to non-imessage contacts. Providers with RCS support will handle the messages (just like they do with SMS). Otherwise Apple will handle their part and on the receiving end a provider with RCS support or google do the rest.

        Important note: protocol as it is written is not e2e. So if Apple continue to be pricks, they will implement the bare minimum and will say: “Use imessage, it is safe, don’t use green bubbles, they are unsafe”. The other option: they can push GSMA to update the protocol with e2e. Or they can adopt Google’s version with Signal protocol on top. Sometimes this happens with specs - a large player can force everyone to support extra features.

        • rookie_e
          link
          fedilink
          English
          33 months ago

          P.S. messages via pigeons are waaaaaay more secure than SMS. For a fun time, search for something like “examples of SS7 vulnerabilities / attacks” and enjoy reading. That’s why 2G, parts of 3G and SMS must die - SS7 is insanely broken (it was created before security was invented as a word)

        • @ItsComplicated@sh.itjust.works
          link
          fedilink
          English
          33 months ago

          I appriciate your detailed reply. I am still a bit confused though.

          If Google is “the man in the middle”, and Apple decides not to create thier own RCS or UP protocol, this seems to imply iphone users are now sending thier information to Google servers (Google will now have your information), in addition to Apple and the phone carrier. Is this correct?

          Very possible I am misunderstanding everything, due more to my ignorance than your explanation. Thank you for your patience.

          • rookie_e
            link
            fedilink
            English
            23 months ago

            So…

            1. If Apple doesn’t implement Signal and if they don’t contribute to the RCS protocol (they can do it, the same way as they do for the Qi charging thing, they did contributed to the same type C standard they were avoiding all this time, they do contribute to av1 codec etc etc)
            2. And at least one of the 2 service providers does not have RCS implemented yet

            then the info will go through google eventually, and if it is not e2e, then Google will see it.

            Just a reminder, they do currently send SMS to android, and sms is fully unencrypted and fully visible to virtually anyone (including to google and everyone in the country on the receiving end).

            I doubt Apple will ignore e2e just to flip Google with “green bubbles are insecure, use iMessage”. And people (if they are not Pavel Durov of Telegram) have a lot of faith in Signal protocol, so they don’t have to revolutionize anything - there is a good enough thing to implement.

            And if Google and Apple both use Signal on top of the standard, it will become standard.

            • @ItsComplicated@sh.itjust.works
              link
              fedilink
              English
              13 months ago

              Thank you!!! Your breakdown was extremely helpful. You are very kind in taking the time to help me wrap my head around this. Much appreciated.

        • @YamiYukiOP
          link
          English
          2
          edit-2
          2 months ago

          Safe to assume them that Apple will utilize the bare minimum for RCS.

          When Apple implements RCS, was there any information on whether it’ll be dependent on the carrier or if Apple will build their own RCS infrastructure? Cuz I suspect it’ll be the former.

          And if Apple does build their own RCS infrastructure, I highly doubt it’ll have E2E encryption as that’s essentially iMessage. Will E2E encryption work if one side is Apple and the other side is Google?

          And for any RCS messages that doesn’t go through Google, does this mean that RCS is still being used sans E2E encryption? What does it look like in the Messages app?

      • @jet@hackertalks.com
        link
        fedilink
        English
        13 months ago

        Great question.

        https://en.m.wikipedia.org/wiki/Rich_Communication_Services

        As far as I can tell, each carrier needs to run its own RCS implementation, something like universal profile.

        Google is running some RCS hubs, which are the interlink between different RCS implementations between operators. I think Google is able to implement RCS messaging for anybody on any carrier, because they can basically man in the middle at the hub.

        So if you want to use Google hub, you have to use Google’s api.

        I’m not sure how this works for the individual carriers, if there can be a generic RCS phone app and talk directly to the carrier.