Google Messages Goes Cross-Platform with MLS Encryption
Google Messages will soon support the MLS protocol, providing end-to-end encryption for messages across various platforms. This update aims to comply with the European Union’s new interoperability requirements under the Digital Markets Act (DMA).
The RCS (Rich Communication Services) protocol, introduced to Android in 2019, replaced outdated SMS and MMS, offering encrypted communication, read receipts, and typing indicators. However, RCS requires both parties to use the same platform for end-to-end encryption.
To address this issue, Google announced last year that it would support the Messaging Layer Security (MLS) protocol, which ensures encrypted communication between applications and platforms, both in personal and group chats.
Android Authority reports that bug hunter Assemble Debug discovered lines of code and flags related to MLS in the Google Messages app, indicating that the feature will be added soon. Although the feature is still in development, it is clear that Google intends to make MLS the standard security layer for messages.
The adoption of MLS also aligns with European Union laws requiring messaging services to ensure free data exchange and open access for third-party services.
Last year, Google urged the EU to require Apple to implement the RCS protocol in iMessage. While Apple has been reluctant to add RCS support to iOS, the implementation of cross-platform end-to-end encryption will benefit customers regardless of the application or operating system used.
Implementations of MLS are being developed in C++ (MLSpp, RingCentral), Go, TypeScript, and Rust (OpenMLS, Wickr). The protocol builds on existing protocols such as S/MIME, OpenPGP, Off-the-Record, and Double Ratchet. MLS support is already implemented on the communication platforms Webex and RingCentral, with future adoption expected in projects like Wickr and Matrix.
The main objectives of the protocol include:
- Privacy: Only group members can read messages;
- Integrity and Authentication Guarantees: Each message is sent from a verified sender and cannot be altered in transit;
- Group Member Authentication: Each participant can verify the authenticity of the other group members;
- Asynchronous Operation: Encryption keys can be provided without the need for all participants to be online simultaneously;
- Forward Secrecy: Compromise of one participant does not allow decryption of previously sent group messages;
- Post-Compromise Security: Compromise of one participant does not allow decryption of future group messages;
- Scalability: Resource consumption that can potentially scale sublinearly with group size.