Timing is everything. Just when Apple’s launch of RCS seemed to signal a return to texting over WhatsApp’s unstoppable growth, a surprising new hurdle comes along to stop it. While sending Android-to-Android or iPhone-to-iPhone messages is safe, sending messages from one device to another is not.

Now even the FBI and CISA, the U.S. cyber defense agency, are warning Americans to responsibly use encrypted messages and phone calls wherever they can. The background is Chinese hacking of US networks, which is reportedly “ongoing and likely on a larger scale than previously thought.” Fully encrypted communications are the best defense against this compromise, and Americans are encouraged to use them whenever possible.

ForbesSamsung Warning: Do not install these apps on your Galaxy S24 or S23From Zak Doffman

The network cyberattacks attributed to Salt Typhoon, a group linked to China’s Ministry of Public Security, have raised concerns about vulnerabilities in critical U.S. communications networks. The reality looks different. Without fully end-to-end encrypted messages and calls, this is the case always There is a possibility that content may be intercepted. This is why companies like Apple, Google and Meta encourage its use, emphasizing the fact that even they cannot see content.

A senior FBI official advised using “a cell phone that automatically receives timely operating system updates, responsibly managed encryption, and phishing-resistant MFA for email, social media, and collaboration tool accounts.”

As reported by PoliticallyCISA’s Jeff Greene added to this, urging Americans to: “Use your encrypted communications where you have them… we certainly need to do that and think about what it means in the long term in terms of how we secure our networks.” “

While what is known so far about the Salt Typhoon attacks, the FBI official warned that widespread call and text metadata was stolen in the attack, but extensive call and text content was not. But “the actors compromised the private communications of a limited number of individuals primarily involved in government or political activities.” This would have included call and text content.”

Greene reportedly suggested that “Americans should use encrypted apps for all their communications” (1,2). This means you no longer need to send SMS from iPhone to Android, although iMessages and Google Messages are fully encrypted on these platforms.

Greene added: “Our suggestion that we’ve been telling people internally is not new here: Encryption is your friend, whether it’s text messages or whether you have the ability to use encrypted voice communications.” Even if that If adversaries were able to intercept the data, encryption would be impossible if it were encrypted.”

An alert was released Tuesday about the ongoing telecommunications network hacks jointly issued by the FBI, CISA and NSA, as well as other Five Eyes agencies.

The lack of end-to-end encryption to protect cross-platform RCS, the successor to SMS, is a glaring omission. This was highlighted in Samsung’s recent celebratory PR note about the success of RCS, which included the caveat that only Android-to-Android messages are secured. It remains a great irony that while Google and Apple separately recommend Android and iPhone users to rely on end-to-end encryption, RCS is still missing and there is no timeline in sight for a solution.

Mobile standards setter GSMA and Google have announced that encryption will be introduced in RCS, but there is no set date yet. This assurance appeared to be in response to the backlash following Apple’s update with media attention on the security issue. Apple – whose iPhone ecosystem includes increasingly comprehensive encryption – has not commented.

ForbesMicrosoft’s bad news for millions of Windows users – you are now in dangerFrom Zak Doffman

My advice remains to use WhatsApp over RCS for cross-platform messaging until RCS adds full encryption between iPhones and Androids. As soon as you leave the walled garden of Apple or Google, the security measures fall away. With well-secured platforms available, it is not worth taking the risk.

There are other fully encrypted platforms too – notably Signal, the best of them all, albeit with a much smaller install base. Even Facebook Messenger now fully encrypts messages, making sending standard SMS/RCS SMS even more of an outlier. Signal and WhatsApp also enable fully encrypted voice and video calls across platforms, so they should also be your default choices given this FBI/CISA warning.

Ironically, Apple’s iOS 18.2, releasing this month, will allow iPhone users to change the default messenger on their devices from iMessage. Timing is really everything.

Updated December 4 with additional comments from the FBI.