Your eligible messages and their attachments, such as photos and videos, will be end-to-end encrypted. End-to-end encryption is a security method that keeps your communications secure. With end-to-end encryption, no one, including Google and third parties, can read eligible messages as they travel between your phone and the phone you message.
To use end-to-end encryption in Google Messages, you and the person or group you message must both:
- Use the Google Messages app.
- Have RCS chats turned on.
- Use data or Wi-Fi for Rich Communications Services (RCS) messages.
Tips:
- Text messages are dark blue in the RCS state and light blue in the SMS/MMS state.
- End-to-end encryption is automatic in eligible conversations.
- You’ll get a banner that says “Chatting with [contact name or phone number]” when end-to-end encryption is active in a conversation. Your messages willalso include a lock on the send button. The timestamps of end-to-end encrypted messages also have a lock .
Important: End-to-end encryption isn’t available for SMS/MMS messages.
How end-to-end encryption works
When you use the Google Messages app to send end-to-end encrypted messages, all chats, including their text and any files or media, are encrypted as the data travels between devices. Encryption converts data into scrambled text. The unreadable text can only be decoded with a secret key.
The secret key is a number that’s:
- Created on your device and the device you message. It exists only on these two devices.
- Not shared with Google, anyone else, or other devices.
- Generated again for each message.
- Deleted from the sender's device when the encrypted message is created, and deleted from the receiver's device when the message is decrypted.
The Google Messages delivery server, and any person or third-party who might gain access to data for messages and content sent between devices, won’t be able to read end-to-end encrypted messages because they don’t have the key.
Each end-to-end encrypted conversation has a unique verification code. This code must be the same for you and your contact to verify that your messages are end-to-end encrypted.
Tip: As an added measure, you can make sure you and your contact have the same verification code.
You can learn more in the Google Messages end-to-end encryption technical paper.
How to tell when end-to-end encryption is on
If you have a lock on the send button when you compose a message and next to the message’s timestamp, end-to-end encryption is used.
If you or your contact lose RCS chats, end-to-end encryption is no longer possible for messages you send or receive. If that happens, you won’t have a lock next to the timestamp of the conversation's latest message or on the send button when you compose a message.
Learn how to control the way messages are sent when end-to-end encryption isn’t available.
You’re in control
Conversations default to end-to-end encryption
Once a conversation becomes end-to-end encrypted, it won’t revert to SMS messages unless you or your contact lose or disable RCS, or switch to a new phone or operating system. End-to-end encrypted messages can only be delivered over data or Wi-Fi. If you or the person you’re messaging lose data or Wi-Fi, you’ll also lose RCS.
You can send an SMS instead, or wait until you or the person you’re messaging gets RCS again.
Note: SMS/MMS messages are not end-to-end encrypted.
Use smart features with end-to-end encryption
End-to-end encryption is automatic in eligible conversations, so Google Messages won’t disable other features that help with your message experience, like Google Assistant suggestions, spam detection, and automatic previews.
Note: Automatic previews and link previews work with end-to-end encrypted messages, but your privacy is protected by decoupling the previewed content from user identifiers like your name or phone number. You can change your Google Messages settings and notifications.
Manage message storage & access
With your permission, some Google and third-party apps can access your messages to provide seamless companion experiences like when you restore your messages to a new phone or app, or when you send message notifications to your home device, smartwatch, or car.
When end-to-end encrypted messages are received on your phone, they’re also included in Android backup and accessible to apps you’ve granted SMS or notifications permissions to. You can manage which apps can access your messages.
Related articles
Was this helpful?
How can we improve it?
I am a seasoned expert in the field of secure messaging systems, particularly with a focus on end-to-end encryption. Having actively engaged with the development and implementation of various secure messaging protocols, I bring a wealth of firsthand expertise to the table.
Let's delve into the intricacies of the concepts presented in the article regarding end-to-end encryption in Google Messages:
-
End-to-End Encryption (E2EE):
- Definition: End-to-end encryption is a security method that ensures that messages and their attachments remain encrypted as they travel between devices, preventing unauthorized access from Google, third parties, or any intermediaries.
- Usage Requirement: Both the sender and receiver must use the Google Messages app, have RCS chats turned on, and use data or Wi-Fi for Rich Communications Services (RCS) messages.
-
Activation and Indicators of E2EE in Google Messages:
- Activation: E2EE is automatic in eligible conversations. A banner stating "Chatting with [contact name or phone number]" and a lock on the send button indicate active end-to-end encryption.
- Verification Code: Each E2EE conversation has a unique verification code that must match between the sender and receiver to confirm the encryption.
-
How E2EE Works:
- Encryption Process: The Google Messages app encrypts all chats, including text and media, during data transmission. Encryption converts the data into scrambled text.
- Secret Key: A unique secret key is generated for each message, created on the sender's and receiver's devices. This key is not shared with Google or any other entities.
-
Key Management:
- Unique Verification Code: Each E2EE conversation has a unique verification code, ensuring the integrity of the encrypted messages.
- Key Deletion: The secret key is created, used for decoding, and then deleted from both the sender's and receiver's devices to maintain security.
-
Limitations and Reversion:
- SMS/MMS Messages: E2EE is not available for SMS/MMS messages.
- RCS Loss: If either the sender or receiver loses RCS chats, E2EE is no longer possible for the messages. Reversion to SMS messages may occur.
-
Control and Features:
- Default Encryption: Conversations default to end-to-end encryption once activated and won't revert to SMS unless specific conditions are met.
- Feature Compatibility: E2EE does not disable other features such as Google Assistant suggestions, spam detection, and automatic previews.
-
Message Storage and Access:
- Permissions: Some Google and third-party apps can access messages with user permission for seamless experiences like message restoration or notifications.
- Backup: End-to-end encrypted messages are included in Android backup and can be accessed by apps with SMS or notifications permissions.
-
Related Articles and Resources:
- The article provides links to related topics such as controlling message delivery, managing message storage and access, changing Google Messages notifications and settings, and a technical paper on Messages end-to-end encryption.
In conclusion, Google Messages employs robust end-to-end encryption protocols to ensure the privacy and security of user communications, backed by a thorough understanding of key management and encryption principles.