Always assume Google is stealing all your data possible

Of course they do.

And if they don’t, someone else does.

Google software is not secure, nor are they interested in preserving anyone’s privacy against third parties or honoring their own terms about data sharing.

Your shit is everywhere.

If you login with Google on your phone with an OS made by Google then you can expect ALL the content on that phone to be potentially at least processed by that company which might including sending back data in some form.

That’s not just Google or Microsoft, it’s any operating system. The OS can see everything you can see and more. If you do not trust the maker of the OS then you have a problem that no application ran by that OS can solve. encryption in all its forms, e.g. encrypted disk, E2EE or homomorphic encryption do not matter if you are on an “end” (e.g. your phone or desktop) that you do not trust.

As the Messages RCS implementation is supposedly E2EE from device to device; No. It is not possible that a log of your messages’ contents are being kept.

Can it stop them from storing your encrypted messages to decrypt later if law enforcement should be able to confiscate your phone and extract the encryption key? Also No. It is not possible for E2EE to prevent “Store ciphertext and decrypt later” attacks.

It also cannot prevent companies from logging who you are conducting an encrypted conversation with; even if the contents cannot be seen and this information cannot be used to infer anything about the contents. It cannot stop companies from making inferences about your messaging activity due to timing of messages sent or who they are sent to.

If these kinds of attacks are on your threat model; you need to ensure you are not sending messages or information via electronic means via your phone to begin with, wherever possible.

It is absurd to assume that they have backdoored the RCS protocol without proof or evidence. This isn’t saying it’s a verifiably secure or private protocol; but I think you could trust an E2EE RCS message for long enough to help you get someone else onboarded on to Signal or another more properly encrypted messenger without needing to worry about being put on a watch list. I would trust it with my grocery list or trivial communications with family; even if I wouldn’t trust it with my truly personal or private conversations.

Yep.

Short answer: Yes

Meanwhile I applied for reimbursement on my failing Pixel 6a battery and Google keep asking for proof that I own this phone. They won’t even allow it on RCS. The trust issue goes both ways.

I do find it suspicious that governments are targeting Signal’s E2E encryption but not RCS, FB Messenger or WhatsApp. It’s clear which ones are compromised.

Download all your Google account data and find out.

The NSA certainly does keep a copy regardless.

I know that SMS and MMS text messages are transmitted unencrypted, but are RCS text messages different? Serious question.

If you’re able to successfully navigate the fucking maze of settings both on your device and your account, and stay up to date when Google silently opts you into new “features” so you can opt out of them, then probably not. But honestly, no one knows except Google, and they’ve given you every reason not to trust them.

In regards to RCS, probably the same as every other quasi-private messaging platform: the content of your messages is encrypted and private, but your social graph, who you talk to, when, and how often, is property of the corporation. Or if you’re messaging someone on a Samsung or Apple device, then multiple corporations.

I’ve read that the encryption keys are stored on Google servers. If so, they could decrypt them if they wanted.