Security is critical wherever sensitive data is involved, like cloud storage, password management, and communication. Thebest encrypted messaging appstoday don’t shy away from their responsibility towards the consumer’s privacy, but breaches and loopholes likeWhatsApp’s flawed account deactivation systemserve as constant reminders we can make more headway. Google believes the answer lies in an industry-wide interoperable standard for messaging that’s platform and app-agnostic. However, recent examples suggest this is but another pipe dream.
Google hasannounced its supportfor theRFC 9420 specificationsof the Internet Engineering Task Force’s (IETF) newMessaging Layer Security(MLS) standard. According to Google, the latest specification allows for interoperability across messaging services (WhatsApp, Messenger, Google Messages, etc.) and operating systems at scale. The company also promises to make its implementation open source, and available to app developers through the Android code base.
If lawmakers and market regulators get behind the standard as well, Google is confident MLS can become the de-facto protocol across apps, thereby ensuring every app developer isn’t busy maintaining proprietaryend-to-end encryption(E2EE) protocols. The standard could also ensure third party middleware has no role in maintaining interoperability, thereby eliminating additional security concerns. MLS could also make E2EE group chats across platforms simpler to implement, because messages won’t be delivered in different formats, like RCS messages on iPhone.
All the advantages are fine and dandy, and the implementation is feasible too, but Google and the lawmakers standing by an idea will never suffice. Taking the RCS standard itself as an example,Apple is evidently disinterestedin implementing it, perhaps partly because it demands additional resources and labor that benefits users and nobody else. Likewise, it’s hard to believe many app developers and companies, particularly the smaller players, will invest substantial resources towards keeping up with the MLS standard.
Even if the outliers were whipped into compliance by lawmakers and regulators, vehement opposition is inevitable, likeApple pushing back against USB-Cor Google opposing regulatory pressure for Play Store policy changes in the wake of the Epic Games suit. There are good examples of industry-widehardwarestandards, like Qi for wireless charging, that saw widespread adoption, but any such standard will take years to be usable at the scale Google envisions. Simply because it takes years for everyone to be on the same page.
Still, we are glad to see a big tech brand like Google advocating for standardization in communication and security, which would eventually benefit end users like you and me — we just won’t be waiting with bated breath. There’s a very real chance this turns out to be another RCS-like pipe dream that takes the better part of a decade to see widespread adoption, if it ever does at all.
