Google to add new security layer for messages
What's the story
Google committed to supporting Messaging Layer Security (MLS) in 2023, a protocol designed to bolster security and privacy across various platforms.
However, the tech giant has yet to officially announce when it will adopt MLS.
In the latest development, references to the standard were discovered in a Google Messages build by an astute code sleuth.
The integration of MLS into Google Messages could prompt other messaging services to follow suit, enhancing interoperability and security across communication apps.
Security basics
Understanding MLS and its relation to E2EE
To comprehend the significance of MLS, one must first understand end-to-end encryption (E2EE).
E2EE ensures secure communication by barring hackers, internet service providers, and other services from accessing user data.
It involves a public key for encrypting messages and a private key for decrypting them.
However, if security at either end is compromised, E2EE can be vulnerable to attacks that could lead to unauthorized access or impersonation.
Enhanced security
MLS: An advanced standard for secure communication
The Internet Engineering Task Force (IETF) introduced MLS as an advanced standard that enhances security for communication groups, ranging from two to thousands of members.
Unlike E2EE, which has limitations with group chats, MLS employs sender keys over secure channels and ensures forward secrecy.
This innovative approach ensures that even if a key is compromised, the rest of the data remains secure.
Information
Asynchronous Ratcheting Trees and shared keys
The MLS system operates on asynchronous ratcheting trees (ART), enabling group members to derive and update shared keys. It utilizes tree structures to achieve forward secrecy, post-compromise security, scalability, and message integrity in large groups.
App update
Google Messages: Current security and potential MLS integration
Google Messages, the default messaging app on most Android phones, currently uses Rich Communication Services (RCS) which provides encrypted chats and features like read receipts and high-resolution media sharing.
However, the Universal Profile version used by Google Messages lacks E2EE support. To address this, Google Messages employs the Signal Protocol for security.
A recent APK teardown revealed references to MLS in an upcoming Google Message build, hinting at potential integration of the advanced security standard.
Information
MLS adoption could influence other messaging services
The latest development might affect Apple's strategy for integrating RCS. The upcoming iOS 18, set to launch in fall 2024, will support the RCS Universal Profile 2.4 for messaging, which lacks E2EE. With Google's potential adoption of MLS, Apple may need to reconsider its approach.