TL;DR

  • Users who have rooted their phone, have their bootloader unlocked or are using some custom ROMs report that their RCS messages are not being sent, even though RCS shows them as connected.
  • The Google Messages app does not show any error messages when blocking RCS messages of these users and does not send the messages out as SMS or MMS either.
  • Google famously campaigned for Apple to include RCS messaging in iMessage but is now blocking it for certain Android users.
[-] Zak@lemmy.world 57 points 5 months ago

Google is probably trying to get around the cardinal rule of network security: you can't trust the client.

Their RCS client probably doesn't make sending a huge volume of messages (i.e. spam) easy, and more automation is possible with root. Yes, it's stupid, but it's not completely without purpose.

[-] JasonDJ@lemmy.zip 6 points 5 months ago* (last edited 5 months ago)

This is really it. Plus not everyone who roots (or, rather, everyone with a rooted phone) fully understands the security implications of running as root. I’d assume that their implementation of end-to-end encryption must require a device-side key pair, and I’d wager that it’s pretty trivial to obtain private keys once you’ve obtained control of a rooted phone. For an adversary, this is a serious threat to the user’s privacy and security.

This is just one example. I’m sure it’s incredibly difficult to make a platform that you market as secure and private when your users have full control of the system that the application is running on. It’s a never-ending cat and mouse game where the device user (whether “intended use” or not) has the upper hand most of the time.

Not being a total Google apologist here though. They should have made it quite clear that they were blocking messages, and why. Not doing at least that is inexcusable.

[-] Zak@lemmy.world 10 points 5 months ago

I'm a hardliner when it comes to user control of their own devices, so I'm not going to agree with Google's behavior here even if it, on average, results in a benefit to users.

I don't think it provides a net benefit to users though. I think Google wants to be lazy about building spam-mitigation solutions, and wouldn't be sad if it results in fewer users blocking ads and tracking. If Google was positioning its RCS client as a hardcore security product, maybe it should warn both sides of the conversations that there's a risk of compromise, but even Signal, which is far more dedicated to security, doesn't do that.

Zero-click exploits are a more common attack vector than modified operating systems in the real world, and I'd be willing to wager my up-to-date LineageOS install is less vulnerable to them than the average person's phone.

[-] conciselyverbose@sh.itjust.works 1 points 5 months ago

Do they not have the equivalent of TPM/Secure Enclave on Android phones?

Because if they don't have actually secure key stores, and require them for certification, that's on them.

this post was submitted on 01 Mar 2024
1036 points (99.1% liked)
