FBI Warns iPhone And Android Users—Move to fully end-to-end encrypted messengers

Quotes from the article:

Timing is everything. Just as Apple’s adoption of RCShad seemed to signal a return to text messaging versus the unstoppable growth of WhatsApp, then along comes a surprising new hurdle to stop that in its tracks. While messaging Android to Android or iPhone to iPhone is secure, messaging from one to the other is not.

Now even the FBI and CISA, the US cyber defense agency, are warning Americans to use fully encrypted messaging and phone calls where they can. The backdrop is the Chinese hacking of US networks that is reportedly “ongoing and likely larger in scale than previously understood.” Fully encrypted comms is the best defense against this compromise, and Americans are being urged to use that wherever possible.

The network cyberattacks, attributed to Salt Typhoon, a group associated with China’s Ministry of Public Security, has generated heightened concern as to the vulnerabilities within critical US communication networks.

As reported by Politico, advice given by CISA’s Jeff Greene and an unnamed FBI senior official included “strongly urging Americans to ‘use your encrypted communications where you have it… we definitely need to do that, kind of look at what it means long-term, how we secure our networks’.”

The two officials briefing the media went as far as to suggest “that Americans should use encrypted apps for all their communications,” according to other reports (1,2). That means stop sending texts between iPhones and Androids, albeit iMessages and Google Messages are fully encrypted between users on those platforms.

Greene added that “our suggestion, what we have told folks internally, is not new here: encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible.”

Update: Here’s another news article:

Update: More information on the breach that caused this statement from government officials to recommend end-to-end encrypted messengers:

From forbes:

My advice remains to use WhatsApp over RCS for cross-platform messaging until such a time as RCS adds full encryption between iPhones and Androids. Once you step outside Apple’s or Google’s walled garden, the security protections fall away. With good secured platforms available, it’s not worth taking the risk.

There are other fully encrypted platforms as well—notably Signal, the best of the bunch, albeit with a much smaller install base. Even Facebook Messenger now fully encrypts messaging, making standard SMS/RCS texting even more an outlier. Signal and WhatsApp also enable fully encrypted voice and video calls cross platform, and so they should also be your default choices given this FBI/CISA warning.

Ironically, Apple’s iOS 18.2, due this month, will enable iPhone users to change the default messenger on their devices from iMessage. Timing really is everything.

There it is again. It’s nice that they mention fully encrypted with signal but again failed to realize that:
RCS < WhatsApp < Signal

I do at least appreciate that forbes author mentions lack of E2EE cross platform correctly with RCS at least unlike NBC. But this focus for Whatsapp recommendation as well makes me feel like that this is why we’re gonna struggle to get people to use signal also as I mentioned before:

That was my fear, Someone reading this could choose Whatsapp over Signal because they’ll see both and go “Oh Whatsapp, Friends and family are here too” Missing the whole point of why we prefer signal, That’s why in my article I never mentioned Whatsapp aside from the example for metadata and plain text backups.

I don’t know what you mean here:

When they clearly state that signal is the best of the bunch.

If there’s one messenger the article would recommend (and I am not surprised), it would be WhatsApp. It’s fully encrypted and has the largest install base, which means many of their friends and family likely already use it.

While we all wish Signal were the default messaging app for everyone, the reality is that it’s not. Signal doesn’t have the same install base as WhatsApp, which is in the billions.

Despite its flaws, WhatsApp is still a better option than iMessage or Google Messages with RCS. This is because everything is fully encrypted, ensuring that your texts, videos, and calls remain private.

Of course, there’s the metadata issue to consider. (They do know your IP address, phone number, usage logs, location data, and the contacts you’re messaging or talking to, but not the content of those conversations because of the end-to-end encryption.) Consequently, thanks to end-to-end encryption, your texts, videos, and calls remain safe from prying eyes. Moreover, the backup feature is now fully end-to-end encrypted, eliminating any concerns about data security.

https://faq.whatsapp.com/490592613091019

Have acknowledged that but my point still stands it would likely be people to choose whatsapp.

I agree however it is the metadata that im worried which signal does a good job of at least mitigating for (aside from phone number)
and of course your other points have merit no need to respond on those!

Yes, I believe people would choose WhatsApp over Signal. So, you are indeed right.

I think this is because WhatsApp has more brand recognition and familiarity because people are more accustomed to seeing the green logo/name instead of Signal’s blue logo and name.

If we all want Signal to become the default or at least widely used and recognized by a large majority, then there needs to be an all-out marketing campaign for the app. This could include billboards, ads, and other promotional activities.

However, I’m not sure if Signal has the budget to launch such a campaign since they rely on donations.

I also do agree that the article does make it harder for people to pick Signal as their first choice. As they talk about WhatsApp first.

Signal is still nowhere close to primetime. It’s not just the lack of users, Signal still has lots of day-to-day bugs, lack of features, and it falls behind in ease of use.

All you have to do is go to Signal forums, github, and reddit to see the huge amount of user complaints, many of which have been around for several years with no working solutions in sight. WhatsApp on the other hand works near flawlessly across all devices.

On Signal, you STILL can’t properly transfer message histories between Android and iOS and there are no reliable message export options which are essential features for the masses.

You can’t even backup your messages at all on iOS whereas WhatsApp has encrypted cloud backups with Google drive/icloud and WhatsApp lets you move your message history between the two OS’s if you change phones.

Signal also routinely has problems with notifications on both android and ios. And from a usability standpoint (not necessarily a privacy and security standpoint), the desktop version of WhatsApp is far superior.

Of course Signal is better for ultimate privacy, but apart from general Zuckerberg distrust, the privacy sacrifices you make using WhatsApp instead of Signal, like not encrypting message metadata, shouldn’t be a big concern for most normal people who are just messaging the same friends and family anyway. The chat content themselves are still encrypted, which is what most peopple care about. WhatsApp is also far better than other popular services that have inferior encryption or have no encryption at all.

For high risk individuals or high threat model conversations in which you need to leave no record of a conversation occurring, which is when metadata is the most relevant, then use Signal/SimpleX/similar. That’s what they’re good for. It’s fine to compartamentalize and use both WhatsApp and these other messengers for different use cases.

But until Signal improves tremendously, there’s absolutely no way I’m telling grandma to delete WhatsApp and move to Signal if she’s already comfortable using WhatsApp. This would be a disservice both to grandma and the limited signal developers who will be inundated with even more usability complaints.

I have had no major issues with signal and I feel normal individual can feel right at home unlike others so idk what you’re on about. And neither have my friends who use it and mom complained anything when it came to signal.

Ive used signal for myself and family since 2016 Ive had some cell service issues (dropped calls while driving), or missed calls (no ring) in low service areas. But overall with very few issues.

However only 2 of my contacts regularly use signal. The majority of my contacts have iPhone and use iMessage. Most people I talk to also believe that the main difference between the apps are features/ui ux - they dont understand encryption as its invisible to them.

Several of my contacts argue that sms is the standard and like email there are many clients that do the same thing… Any app that cant sms will not reach the vast majority.

Ive answered many questions about signal over the years for my family and friends. When this article came out they contacted me concerned that I was using signal and suggested I get an iPhone so that I can use encryption. This revealed that while they at times show interest its to be kind to me and not because they are interested in what Im talking about.

Something is definitely happening in normal person land as I am seeing more and more contacts joining signal freely. A few years ago I moved all my family to signal as they were worrying about all of the scams that WhatsApp was suffering. This year I am going to try to move them to simplex chat when in person, so each account is verified also. I have been testing it for a while now and I think it’s ready. It will definitely be a harder sell for regular people but family will use whatever I put on their devices lol

honestly I feel you don’t need to push them to simplex, It’s nice to have a backup but Signal has had enough uptime I wouldn’t worry about it and on the occasion it does maybe use E2EE RCS if possible.