The sending and receiving ends are the devices, not the humans. If you don’t want the device to see it, you’ll need to do the encryption and decryption in your head.
By not storing decrypted message on device? You can also block screenshots if you have a reasonable suspicious your screen can be used to capture the text shown on the device.
Apps using Flag_Secure and Secure_display can block screencapture. While user apps stay below MDM apps in privilege. The MDN app themselves reside below the android system.
Do you have a source of MDM apps bypassing secure display and having the ability to capture the display?
Google maintains both the Pixel device management and Google Messages. Do you really think they would have locked their own MDM out of their own messaging app?
No, I saw, but the initial post is about RCS and Google’s MDM API. You’re fighting real hard over something Google has total control over. Signal might be fine, but if you’re not the device owner, you should always assume security is compromised in favor of the actual owner. With MDM, the company can install whatever they want on the device.
Messaging apps often implement various APIs for better Android integration. But even if they don’t, any management service can implement certain APIs, like the accessibility API, that gives them access to everything each app is doing. In that case, it can’t necessarily read the messages as data, but it can record your screen as image or video.
The sending and receiving ends are the devices, not the humans. If you don’t want the device to see it, you’ll need to do the encryption and decryption in your head.
Not sure if you are intentionally being obtuse. But, this is not a hard problem. It has already been solved.
We have Signal, OMEMO in XMPP which already do that. You don’t need to do any encryption in your head…
And how do those apps prevent device management from accessing the messages when they’re decrypted?
By not storing decrypted message on device? You can also block screenshots if you have a reasonable suspicious your screen can be used to capture the text shown on the device.
The apps run at less privileges than device management apps. They can’t do any of that
Apps using Flag_Secure and Secure_display can block screencapture. While user apps stay below MDM apps in privilege. The MDN app themselves reside below the android system.
Do you have a source of MDM apps bypassing secure display and having the ability to capture the display?
My dude.
Google maintains both the Pixel device management and Google Messages. Do you really think they would have locked their own MDM out of their own messaging app?
I was talking about signal. Did you miss that?
No, I saw, but the initial post is about RCS and Google’s MDM API. You’re fighting real hard over something Google has total control over. Signal might be fine, but if you’re not the device owner, you should always assume security is compromised in favor of the actual owner. With MDM, the company can install whatever they want on the device.
If the app has decrypted messages, device management can see them.
How? The decrypted messages would have to be stored in plan text to be read. Unless, it can be read from RAM…
If you can read it, they can read it. They have root on the company device.
If it’s rooted sure. But, regular work profile phones with MDM software are not.
Messaging apps often implement various APIs for better Android integration. But even if they don’t, any management service can implement certain APIs, like the accessibility API, that gives them access to everything each app is doing. In that case, it can’t necessarily read the messages as data, but it can record your screen as image or video.
True, but Accessibility API cannot bypass secure display, and secure flag I had replied that in another comment so I did not mention that here.
MDM has far more privileges than Accessibility will grant.
Exact same problem it is unencrypted on the device. You know you have to be able to read the message.
It is stored encrypted last I checked the signal website…