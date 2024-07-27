Google pledged support for Messaging Layer Security (MLS) in 2023. The protocol allows practical interoperability across services and scales to large groups. It raises the bar for security and privacy, irrespective of the platform. Although Google hasn't officially announced when it will adopt MLS, a code sleuth found references to the standard in a Google Messages build. Keep reading to find out if your budget Android phone will support the feature and to learn more about MLS.

What is end-to-end encryption?

Before we delve into MLS, we must understand the basics of end-to-end encryption (E2EE). It offers secure communication by preventing entities like hackers, internet service providers (ISPs), and other services from accessing your data.

Source: Wikimedia Commons / rahmatagungj

Both parties have a public and private key in asymmetric or public key encryption. Anyone can use the public key to encrypt a message. Meanwhile, a private key is hard to crack and is used to decrypt messages.

Shortcomings of end-to-end encryption

Although E2EE offers privacy, security, and data integrity, it can be vulnerable to attacks. If the security at the receiver's or sender's end is compromised, malicious actors can steal the public key to eavesdrop on a conversation or impersonate a party. Another disadvantage is that the protocol doesn't hide metadata.

What is Messaging Layer Security?

Source: IETF

MLS is a standard presented by the Internet Engineering Task Force (IETF) that offers enhanced security for communication groups ranging in size from two to thousands of members. Most popular messaging services provide end-to-end encryption (E2EE), where only the sender and receiver can decrypt or read the message using the private key.

However, the situation becomes sticky when group chats are involved. The system uses sender keys over secure channels, providing forward secrecy, meaning that the theft of a key does not affect the rest of the data. As the size of the group increases, providing post-compromise security becomes difficult.

The MLS system is based on asynchronous ratcheting trees (ART). It allows group members to derive and update shared keys. The protocol uses tree structures to achieve forward secrecy, post-compromise security, scalability, and message integrity in large groups.

Related How to use Magic Compose in Google Messages Learn how to use Magic Compose in Google Messages

Will Google incorporate Messaging Layer Security in Messages?

Google Messages, the default messaging app on most Android phones, uses Rich Communication Services (RCS). It offers encrypted chats and features like read receipts, high-resolution media sharing, typing indicators, and emoji reactions. The version of Universal Profile used by Google Messages does not support E2EE. As a workaround, it uses the Signal Protocol to implement E2EE for security.

In an APK teardown, a Google Message build mentioned MLS. The code snippet hints that the app may include the feature. It also indicates that Google may make MLS the default security layer. There isn't an official word from the company about when the functionality will arrive.

How Google's adoption of MLS will impact messaging standards

When Google Messages incorporates MLS, other messaging services may follow. It will mean better interoperability and security between communication apps. The adoption of MLS may also impact how Apple integrates RCS. iOS 18, which launches in the fall of 2024, will support the RCS Universal Profile 2.4 for messaging. This means the company's implementation will not have E2EE. With Google adopting MLS, Apple may have to follow suit.

Stay connected with Google Messages

As Google readies to incorporate MLS, we'll see a push for standardization in communication protocols. Our favorite Google Messages features include auto spam detection, photomojis, cross-device compatibility, and more. If Messages isn't your jam, you can choose from numerous communication apps to stay connected with family and friends.