Page Loader
Summarize
Google to add new security layer for messages
Messaging Layer Security will enhance privacy across platforms

Google to add new security layer for messages

Jul 27, 2024
06:09 pm

What's the story

Google committed to supporting Messaging Layer Security (MLS) in 2023, a protocol designed to bolster security and privacy across various platforms. However, the tech giant has yet to officially announce when it will adopt MLS. In the latest development, references to the standard were discovered in a Google Messages build by an astute code sleuth. The integration of MLS into Google Messages could prompt other messaging services to follow suit, enhancing interoperability and security across communication apps.

Security basics

Understanding MLS and its relation to E2EE

To comprehend the significance of MLS, one must first understand end-to-end encryption (E2EE). E2EE ensures secure communication by barring hackers, internet service providers, and other services from accessing user data. It involves a public key for encrypting messages and a private key for decrypting them. However, if security at either end is compromised, E2EE can be vulnerable to attacks that could lead to unauthorized access or impersonation.

Enhanced security

MLS: An advanced standard for secure communication

The Internet Engineering Task Force (IETF) introduced MLS as an advanced standard that enhances security for communication groups, ranging from two to thousands of members. Unlike E2EE, which has limitations with group chats, MLS employs sender keys over secure channels and ensures forward secrecy. This innovative approach ensures that even if a key is compromised, the rest of the data remains secure.

Information

Asynchronous Ratcheting Trees and shared keys

The MLS system operates on asynchronous ratcheting trees (ART), enabling group members to derive and update shared keys. It utilizes tree structures to achieve forward secrecy, post-compromise security, scalability, and message integrity in large groups.

App update

Google Messages: Current security and potential MLS integration

Google Messages, the default messaging app on most Android phones, currently uses Rich Communication Services (RCS) which provides encrypted chats and features like read receipts and high-resolution media sharing. However, the Universal Profile version used by Google Messages lacks E2EE support. To address this, Google Messages employs the Signal Protocol for security. A recent APK teardown revealed references to MLS in an upcoming Google Message build, hinting at potential integration of the advanced security standard.

Information

MLS adoption could influence other messaging services

The latest development might affect Apple's strategy for integrating RCS. The upcoming iOS 18, set to launch in fall 2024, will support the RCS Universal Profile 2.4 for messaging, which lacks E2EE. With Google's potential adoption of MLS, Apple may need to reconsider its approach.