GSMA plans end-to-end encryption for cross-platform RCS messaging

September 18, 2024Ravie LakshmananMobile Security / Encryption

The GSM Association, the governing body that oversees the development of the Rich Communications Services (RCS) protocol, said Tuesday it is working to implement end-to-end encryption (E2EE) to secure messages sent between the Android and iOS ecosystems.

“The next important step for the RCS Universal Profile will be to add important user protections such as interoperable end-to-end encryption,” said Tom Van Pelt, GSMA CTO.

“This will be the first deployment of standardized, interoperable messaging encryption across different computing platforms, addressing significant technical challenges such as key federation and cryptographically enforced group membership.”

The development comes a day after Apple officially rolled out iOS 18 with RCS support in its Messages app, which includes advanced features like message reactions, typing hints, read receipts, and high-quality media sharing, among others.

RCS, an improvement over the current SMS standard, is currently not end-to-end encrypted, prompting Google to implement the Signal protocol to secure RCS conversations on Android.

Earlier this year, Apple announced that it would work with GSMA members to integrate encryption. It’s worth noting that the company’s proprietary iMessage service is E2EE-compatible.

“We look forward to continuing to collaborate across the mobile ecosystem to advance the RCS standard with interoperable end-to-end encryption to ensure the privacy and security of all RCS messages,” said Van Pelt.

Last July, Google also revealed plans to integrate the Message Layer Security (MLS) protocol into its Messages app for Android to facilitate interoperability between messaging services and platforms.

Just this month, Meta detailed its approach to enabling interoperability with third-party messaging services in WhatsApp and Facebook Messenger as part of its efforts to comply with the EU Digital Markets Act (DMA) while maintaining E2EE safeguards “to the extent possible.”

“Building chats for third parties is a technical challenge, and maintaining privacy and security is a shared responsibility,” the social media company said. “We’ve come a long way, but there’s still a long way to go.”