Secure messaging to protect your confidentiality!

The possibility of exchanging instant messages between individuals only emerged with the boom in mobile telephony. Previously, instant messaging was only possible over the telephone. SMS, this (relative) novelty, is therefore the 1st instant messaging service for the general public.

Universal messaging.

SMS (Short Message Service).

A brief history :
1973: 1st call made from a mobile phone in the USA (Motorola).
1983: Launch of the 1st mobile phone in the USA, Motorola's DynaTAC at a discounted price of over $10,000 each...
1988: Launch of the GSM (Global System for Mobile) standard.
1992: 1st SMS (Short Message Service) introduced in the UK.
1996: 1st consumer GSM package in France (although the Be-Bop dates back to 1993...).
2007: Market launch of the 1st touch-sensitive smartphone (Apple iPhone).

The GSM network, which has enabled instant messaging to emerge, is capable of transmitting voice and SMS, but it has its own weaknesses:

Size limited to 160 characters.
Insecure transmission protocol.
Susceptible to SIM swapping (see what this is in the ‘Passwords’ section). After a peak of 205 billion SMS messages sent in France in 2016, the volume is now falling sharply. While marketing and transactional SMS messages (order confirmations, validation codes) remain at a high level, messages between private individuals have fallen sharply.
Why is this? Since the advent of the smartphone and Internet Protocol (IP), proprietary messaging systems have offered a wide range of possibilities: history, grouped conversations, content formats, real-time interaction, etc.

However, SMS has one fundamental advantage: it is universal: any user with a mobile phone number can communicate with anyone else who has such a subscription. A user of a proprietary messaging system, on the other hand, will only be able to communicate with a user using the same application.

RCS (Rich Communication Services).

The successor to SMS, RCS, has been around since 2007. It is an Internet protocol that takes the main advantage of SMS, namely its universality, and combines it with the advantages of proprietary messaging services. Unfortunately, it has not been widely adopted for 2 main reasons:

It requires significant investment from operators and handset manufacturers to make them compatible.
The existing competition between Google, one of the main promoters of this protocol since 2019 with its messaging service Messages, and Apple, which promotes iMessage, is a brake.

How it works.

The standard RCC.71 describes the operation of the RCS protocol issued by the GSMA. This association (GSM Association) brings together operators from 220 countries with more than 6.5 billion telephone lines. It therefore has a significant impact which has a normative role. Briefly:

Data is transmitted via IP.
User identification/authentication is provided by the SIM card.

If the recipient mobile phone is not RCS compatible, the message is routed as an SMS via the operator's cellular network (following the same scheme as Apple's iMessage when you send a message from iOS to an Android user).

Features.

Because of the adoption of IP, RCS features are similar to those of proprietary messaging services:

1 to 1 messaging => One to one chat.
Group Chat => Group chat.
File Transfer => File transfer in any format.
Audio Messaging => Audio messaging.
Messaging for Multi-Device => Multi-platform availability (PC/Tablet/Smartphone).
Green Button Promise for Voice => Audio calls.
Green Button Promise for IP Video Call Services => Video Calls.
Enriched Calling => Content sharing before/during/after the call or its attempt.

Perspectives.

The adoption of the Digital Markets Act (DMA) by the European Union in 2024 is forcing the major players (and Apple in particular) to evolve. Its aim is to combat anti-competitive practices, with the direct consequence of promoting the compatibility of hardware and protocols. This has led Apple to abandon its proprietary Lightning port in favour of USB-C, open up applications to shops other than the App Store and implement the RCS in iOS 18. But while RCS is a major development that will bridge the gap between SMS and Internet messaging in terms of functionality, there is another fundamental development that is still missing from its protocol: end-to-end encryption. This is set to change, however, with Google, for example, implementing E2EE in its Messages application in 2021. As a reminder, Apple launched iMessage in 2011...

Proprietary messaging.

While applications have been around since the early days of desktop computers (think office suites), it was the arrival of the first smartphones, and particularly the iPhone and its App Store app shop, that revolutionised the sector. This led to the creation and distribution of messaging apps that made up for the shortcomings of SMS, particularly its total lack of confidentiality. SMS messages are sent in the clear and can therefore be read by the operators who route them.

Genesis.

This observation led to the creation of the 1st secure messaging services MSN Messenger (ancestor of Skype) was the precursor (1999) but was launched on a PC platform, followed by those that are now among the most widely used, WhatsApp in 2009, Viber in 2010, iMessage in 2011, Threema in 2012, Telegram in 2013 and Signal in 2015. While the development of these new messaging services has been driven by the enhancement of SMS functionalities, security has also been the main theme. Let's take a closer look at what 3 of them have to offer: iMessage because it comes with iOS, which is our benchmark platform, WhatsApp because it is used by more than 85% of smartphones owners, despite the fact that its business model is to sell your data, and finally Signal because its aim is to provide secure messaging that respects your data (it is a not-for-profit foundation funded exclusively by donations).

iMessage is Apple's application for sending and receiving secure messages on Apple devices only (iPhone, iPod, iPad, MacBook). When sending a message to an Android device, the message is sent in SMS/MMS format, i.e. without the possibility of using the application's advanced features.

Features

Message types: Text, audio and video messages - Memoji - Digital Touch - Handwritten messages - Message or screen with effects (Impact-Visual-Discreet-Invisible ink).
Features: Group conversations - Targeted reply - Quick reply (Reactions) - Input indicator - Read confirmation - Send undo (within 2 min) - Send edit (within 15 min) - Pin a conversation - Share location.
Others: Transcription of audio messages - Search filters - Maximum file size transferred 100 MB.

Privacy.

To use this service, you need an Apple ID, i.e. an email address and a telephone number. Data collection seems to be limited to what is strictly necessary.

Security.

Connecting to your iCloud account: 2-factor authentication. iPhone login: Face ID Messages encrypted by default from end to end using a post-quantum algorithm. Contact keys can be validated to check that you are talking to the right person. Encryption algorithm: Post-quantum PQ3.

Key features.

SMS/MMS compatibility. Post-quantum E2EE encryption.

Weaknesses.

RCS incompatibility. Proprietary code. Lack of secure calling functionality.

WhatsApp was created by Brian Acton and Jan Koum. The funny thing about this story is that they applied to Facebook in 2007 after leaving Yahoo but weren't selected. 7 years later, Facebook bought WhatsApp for $16 billion... Although the initial idea was to create a replacement for SMS, Jan Koum, who was born in the USSR, was also keen to provide a service that would protect him from eavesdroppers! We can also assume that he wanted his messaging service to respect the confidentiality of its users, since he resigned in 2018 following a dispute with Facebook bosses over the use of personal data. Brian Acton will be back at Signal!