In the past, I’ve heard about how Google can keep records of all your Google phone’s past locations and text messages.

What about RCS messages which supposedly are encrypted from Android to Android? I know that it’s possible that they secretly keep a log behind the scenes, but as far as the regular consumer knows is there any record being kept with regard to the contents of these RCS messages?

  • frongt@lemmy.zip
    link
    fedilink
    arrow-up
    27
    arrow-down
    1
    ·
    2 months ago

    Download all your Google account data and find out.

    The NSA certainly does keep a copy regardless.

  • pHr34kY@lemmy.world
    link
    fedilink
    arrow-up
    18
    arrow-down
    1
    ·
    edit-2
    2 months ago

    Meanwhile I applied for reimbursement on my failing Pixel 6a battery and Google keep asking for proof that I own this phone. They won’t even allow it on RCS. The trust issue goes both ways.

    I do find it suspicious that governments are targeting Signal’s E2E encryption but not RCS, FB Messenger or WhatsApp. It’s clear which ones are compromised.

  • Ulrich@feddit.org
    link
    fedilink
    English
    arrow-up
    14
    arrow-down
    2
    ·
    edit-2
    2 months ago

    If you’re able to successfully navigate the fucking maze of settings both on your device and your account, and stay up to date when Google silently opts you into new “features” so you can opt out of them, then probably not. But honestly, no one knows except Google, and they’ve given you every reason not to trust them.

    In regards to RCS, probably the same as every other quasi-private messaging platform: the content of your messages is encrypted and private, but your social graph, who you talk to, when, and how often, is property of the corporation. Or if you’re messaging someone on a Samsung or Apple device, then multiple corporations.

  • shaggyb@lemmy.world
    link
    fedilink
    arrow-up
    10
    ·
    2 months ago

    Of course they do.

    And if they don’t, someone else does.

    Google software is not secure, nor are they interested in preserving anyone’s privacy against third parties or honoring their own terms about data sharing.

    Your shit is everywhere.

  • evilcultist@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    1
    ·
    2 months ago

    I’ve read that the encryption keys are stored on Google servers. If so, they could decrypt them if they wanted.

    • artyom@piefed.social
      link
      fedilink
      English
      arrow-up
      5
      ·
      2 months ago

      MMS is not a text message, it’s a media message (that’s what the M stands for).

      Yes, RCS chats are encrypted (supposedly)

      • EveryMuffinIsNowEncrypted@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 months ago

        MMS is not a text message, it’s a media message (that’s what the M stands for).

        See, that’s interesting because I was always taught that “text message” is just an overarching term used to describe SMS and MMS. The notion that a text message is a synonym of SMS and only SMS is a new one to me!

        Yes, RCS chats are encrypted (supposedly)

        Good to know! Do you happen to know if the decryption keys are stored offline or on the carrier’s end? Because if the latter, then okay it’s more secure than SMS or MMS but only in the sense that some encryption is better than none. Lol.

        • artyom@piefed.social
          link
          fedilink
          English
          arrow-up
          2
          ·
          2 months ago

          I mean it’s in the name. A message containing media and not text is simply not a text message. Many people use them incorrectly but it’s literally in the name.

          RCS is (supposedly) E2EE so keys are stored locally.

          • EveryMuffinIsNowEncrypted@lemmy.blahaj.zone
            link
            fedilink
            English
            arrow-up
            1
            ·
            2 months ago

            I mean it’s in the name. A message containing media and not text is simply not a text message. Many people use them incorrectly but it’s literally in the name.

            Hey, I get it now. Lol. I was just explaining what my mindset was.

            RCS is (supposedly) E2EE so keys are stored locally.

            Well, you can have E2EE with keys stored server-side. It’s just kind of pointless from a security/privacy standpoint, but I’ve seen it happen.

            • artyom@piefed.social
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              2 months ago

              No you cannot. E2EE = end to end encrypted. If it can be decrypted from anywhere other than a sender or recipient (the ends) then it’s not E2EE.

              • EveryMuffinIsNowEncrypted@lemmy.blahaj.zone
                link
                fedilink
                English
                arrow-up
                1
                ·
                2 months ago

                You are clearly misunderstanding me.

                If the keys are stored server-side, that means it’s stored by either the “sender or recipient”. The server is among those two options.

                • artyom@piefed.social
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  2 months ago

                  I am not misunderstanding you. You just do not understand what E2EE means. Th server is not a sender or a recipient. It is not an “end”.

  • utopiah@lemmy.ml
    link
    fedilink
    arrow-up
    4
    ·
    2 months ago

    If you login with Google on your phone with an OS made by Google then you can expect ALL the content on that phone to be potentially at least processed by that company which might including sending back data in some form.

    That’s not just Google or Microsoft, it’s any operating system. The OS can see everything you can see and more. If you do not trust the maker of the OS then you have a problem that no application ran by that OS can solve. encryption in all its forms, e.g. encrypted disk, E2EE or homomorphic encryption do not matter if you are on an “end” (e.g. your phone or desktop) that you do not trust.

  • Melody Fwygon@lemmy.one
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    2 months ago

    As the Messages RCS implementation is supposedly E2EE from device to device; No. It is not possible that a log of your messages’ contents are being kept.

    Can it stop them from storing your encrypted messages to decrypt later if law enforcement should be able to confiscate your phone and extract the encryption key? Also No. It is not possible for E2EE to prevent “Store ciphertext and decrypt later” attacks.

    It also cannot prevent companies from logging who you are conducting an encrypted conversation with; even if the contents cannot be seen and this information cannot be used to infer anything about the contents. It cannot stop companies from making inferences about your messaging activity due to timing of messages sent or who they are sent to.

    If these kinds of attacks are on your threat model; you need to ensure you are not sending messages or information via electronic means via your phone to begin with, wherever possible.

    It is absurd to assume that they have backdoored the RCS protocol without proof or evidence. This isn’t saying it’s a verifiably secure or private protocol; but I think you could trust an E2EE RCS message for long enough to help you get someone else onboarded on to Signal or another more properly encrypted messenger without needing to worry about being put on a watch list. I would trust it with my grocery list or trivial communications with family; even if I wouldn’t trust it with my truly personal or private conversations.