A shocking leak has simply seemingly confirmed an enormous iOS 18 replace but in addition a important lacking characteristic, one which Apple has been pushed for on the highest potential degree, and one which’s dangerous information for a billion-plus iPhone customers…
Google isn’t standard the supply of latest iPhone and iOS leaks—however it’s this time. And it would simply be that this undermines all the advantages we’d in any other case see. Apple has an issue—and absent an enormous shock that drawback isn’t getting mounted anytime quickly, as Google above all will know. As a result of Apple can’t do that alone—it wants Google’s assist.
We’re speaking RCS, the advance on Nineteen Nineties SMS expertise that’s now fortunately the default on Android. Late final 12 months, Apple u-turned and introduced RCS would come to iMessage in 2024. As I’ve stated for a while, this implies with iOS 18. Now Google has by accident confirmed precisely that. Nevertheless it appears to have inadvertently revealed what’s lacking as properly.
It was the eagle-eyed 9t05Google that first observed that “the Android web site has added a brand new touchdown web page for Google Messages that talks in regards to the first-party messaging expertise, whereas additionally noting that RCS on the iPhone is coming in fall 2024.” The point out, the positioning says, “roughly confirms” that this implies iOS 18, albeit not whether or not its first drop.
The touchdown web page has been modified with that reference eliminated, “roughly” admitting it was unintentional. TechCrunch “has confirmed that the textual content associated to Apple supporting RCS on iOS continues to be within the supply code of the web page.”
Nevertheless, it’s a reference additional down Google’s touchdown web page, one nonetheless seen, that’s important: “For conversations between Google Messages customers, end-to-end encryption is now enabled in your Android telephone by default.”
That is the frequent misunderstanding with each RCS typically and Apple’s replace particularly. RCS isn’t end-to-end encrypted. So in contrast to iMessaging between iPhone customers or Google Messaging between Android customers, or extra importantly WhatsApping between iPhone and Android customers, RCS between iPhone and Android won’t have that degree of safety.
That is important as a result of it’s the difficulty the DOJ highlighted in its lawsuit: “Apple is prepared to make the iPhone much less safe and fewer personal… Textual content messages despatched from iPhones to Android telephones are unencrypted because of Apple’s conduct. If Apple wished to, Apple might enable iPhone customers to ship encrypted messages to Android customers whereas nonetheless utilizing iMessage on their iPhone, which might immediately enhance the privateness and safety of iPhone and different smartphone customers.”
This may very well be solved in considered one of 4 methods: an iMessage shopper for Android—however Apple has repeatedly refused this; a Google Messages shopper on iOS—however Apple doesn’t enable an SMS API exterior iMessage, so this doesn’t work; a super-app resembling Beeper that may pull messages from each iMessage and Google Messages—however Apple very publicly shutdown Beeper’s entry to iMessage final 12 months; or Apple and Google collaborating to supply end-to-end encryption between their apps.
This final level is the one which’s usually confused the place RCS is worried. RCS is safer than SMS, however nowhere close to as safe as iMessage, Google Messages, Sign, WhatsApp and even Fb Messenger. This can be mounted by an replace to the core RCS platform itself, which is what Apple indicated they’d push for once they introduced RCS final 12 months. However given RCS was basically developed by an initiative that launched in 2007/08 and solely turned the Android default final 12 months—fifteen years later, you possibly can think about how lengthy and complicated a journey that will likely be.
The opposite method could be for Google and Apple to supply a direct interface between their apps. Finish-to-end encryption on Android is a part of Google Messages not core RCS, and it might want to supply a bridge to iMessage. The 2 platforms use totally different encryption protocols. Google makes use of Sign’s—as does a lot of the business, Apple makes use of its personal. However that’s a solvable drawback if the 2 ecosystem house owners collaborate—simply as they did with covid contact tracing.
That’s isn’t occurring, although, actually not anytime quickly or with the iOS 18 launch. Not until Apple and Google are maintaining this a very locked down secret, which might make little sense. It’s extra seemingly that Occam’s Razor applies and it’s simply as we’ve been led to imagine, there is no such thing as a cross-platform, end-to-end encryption coming anytime quickly.
So let’s flip to the DOJ lawsuit. That may mandate iMessage opening as much as Beeper or related tremendous apps which might change the equation, or it would push Apple to introduce an SMS API which might additionally apply to RCS and allow Google Messages run an iOS shopper to deliver totally encrypted RCS to each platforms. That final possibility could be dangerous information for Apple, as it might depart little person incentive to stick with iMessage. However that or an iMessage shopper for each platforms could be essentially the most safe resolution. As WhatsApp warned, totally different endpoints are much less safe than an built-in messenger.
I’ve once more requested Apple for any assertion on its encryption plans for RCS.
And so, all informed, RCS coming to iPhone with iOS 18 is attention-grabbing however—absent that shock change—doesn’t alter the established order a lot in any respect—we’ll discover out extra at June’s WWDC. It’s best to nonetheless use a completely encrypted, cross-platform messenger as your default. It’s best to depart SMS and RCS for OTPs, advertising and marketing texts and aged relations. Beneficial apps could be WhatsApp, given its ubiquity, and Sign, given its privateness and safety and rising usability.
Observe me on Twitter or LinkedIn.