Summarize

Simplifying... Inshort

Google is planning to boost the security of its messaging app, Google Messages, by potentially integrating a new advanced standard called MLS.
This technology, introduced by the Internet Engineering Task Force, enhances security for group chats by using unique sender keys and ensuring data remains secure even if a key is compromised.
This move could influence other messaging services, like Apple's, to reconsider their security strategies.

Was a long read? Making it simpler...

Next Article

Messaging Layer Security will enhance privacy across platforms

Google to add new security layer for messages

By Akash Pandey

Jul 27, 2024

06:09 pm

What's the story

Google committed to supporting Messaging Layer Security (MLS) in 2023, a protocol designed to bolster security and privacy across various platforms. However, the tech giant has yet to officially announce when it will adopt MLS. In the latest development, references to the standard were discovered in a Google Messages build by an astute code sleuth. The integration of MLS into Google Messages could prompt other messaging services to follow suit, enhancing interoperability and security across communication apps.

Security basics

Understanding MLS and its relation to E2EE

To comprehend the significance of MLS, one must first understand end-to-end encryption (E2EE). E2EE ensures secure communication by barring hackers, internet service providers, and other services from accessing user data. It involves a public key for encrypting messages and a private key for decrypting them. However, if security at either end is compromised, E2EE can be vulnerable to attacks that could lead to unauthorized access or impersonation.

Enhanced security

MLS: An advanced standard for secure communication

The Internet Engineering Task Force (IETF) introduced MLS as an advanced standard that enhances security for communication groups, ranging from two to thousands of members. Unlike E2EE, which has limitations with group chats, MLS employs sender keys over secure channels and ensures forward secrecy. This innovative approach ensures that even if a key is compromised, the rest of the data remains secure.

Information

Asynchronous Ratcheting Trees and shared keys

The MLS system operates on asynchronous ratcheting trees (ART), enabling group members to derive and update shared keys. It utilizes tree structures to achieve forward secrecy, post-compromise security, scalability, and message integrity in large groups.

App update

Google Messages: Current security and potential MLS integration

Google Messages, the default messaging app on most Android phones, currently uses Rich Communication Services (RCS) which provides encrypted chats and features like read receipts and high-resolution media sharing. However, the Universal Profile version used by Google Messages lacks E2EE support. To address this, Google Messages employs the Signal Protocol for security. A recent APK teardown revealed references to MLS in an upcoming Google Message build, hinting at potential integration of the advanced security standard.

Information

MLS adoption could influence other messaging services

The latest development might affect Apple's strategy for integrating RCS. The upcoming iOS 18, set to launch in fall 2024, will support the RCS Universal Profile 2.4 for messaging, which lacks E2EE. With Google's potential adoption of MLS, Apple may need to reconsider its approach.