jjtech 4 hours ago
Unfortunately, I think what a lot of people don't know is that RCS actually has "client authenticity verification"[1]... the RCS server has to actively approve any attempts for a client to connect, if it's Android/iOS/etc. There are no standards for how this should be implemented; Google uses Play Integrity and Apple uses App Attest at the current moment, with explicit proprietary support by the Jibe servers. It's basically impossible for any solution that Google doesn't approve to function, because it's never going to be able to get App Attest/Play Integrity verification without relying on a jailbreak/vulnerability.

1. https://www.gsma.com/solutions-and-impact/technologies/netwo...

jjtech 3 hours ago | parent
As an aside, the IMS stack used to implement SMS/MMS/RCS on Android is super cursed. A lot of the heavy lifting is handed off to the OEM; for example, Pixel devices hand it off to the Qualcomm modem. (Meaning Android the OS doesn't even have any control over how the raw SIP messages are sent: they're inside an IPsec tunnel set up by the modem that it can't see inside.) iirc Samsung devices do it differently and they implement it in userspace using strongSwan?

That's why it's super annoying to handle SMS/MMS using the standard/legacy APIs, because depending on what device the user has, the implementation may behave radically differently with regard to PDU parsing and such.

RCS makes the whole situation worse because it sets up an entire secondary IMS stack inside the Google Messages app, and then uses weird APIs to try to tie it back into the main stack, even though obviously the modem implementation doesn't understand RCS... it's a mess.