The problem with all these problems is that it makes RCS noticeably worse in both normal use and for your privacy than a regular web chat via some other system. And I do not see a path for it that escapes that.
I'm very happy that they're essentially using MLS, that's a real benefit[1]. But other chat apps can (and some do) do that too, without actively driving every single carrier globally to give Google all of your messaging activity. We're better off having diversity.
This all could reverse course and become acceptable, but I don't see how it would happen in practice. It seems much more likely that everyone will just give up and say "yeah that didn't work".
1: Though without alternate impls they can just silently MITM it and how would you know? RCS users: have you ever verified your messaging keys out of band? Do you know how? I can't find it in Messages. The "Universal Profile https://www.gsma.com/solutions-and-impact/technologies/netwo..." for RCS that describes a ton of things compliant apps have to do (many of which Google Messages does not seem to do, as far as I can tell) has no instructions at all to show users their keys or provide a common way to verify them (as far as I can tell). Client diversity provides a way to detect some attacks here, but there is currently almost no client diversity, and instead it seems to be shrinking towards just Google Messages, using Google's servers.
^ They are correct, the MLS / E2EE part of RCS is quite new and not yet implemented ~anywhere. So it gets no points until widespread, and this is now a decade after RCS's introduction. I think we can expect it to take a long time yet, if at all.
I'm very happy that they're essentially using MLS, that's a real benefit[1]. But other chat apps can (and some do) do that too, without actively driving every single carrier globally to give Google all of your messaging activity. We're better off having diversity.
This all could reverse course and become acceptable, but I don't see how it would happen in practice. It seems much more likely that everyone will just give up and say "yeah that didn't work".
1: Though without alternate impls they can just silently MITM it and how would you know? RCS users: have you ever verified your messaging keys out of band? Do you know how? I can't find it in Messages. The "Universal Profile https://www.gsma.com/solutions-and-impact/technologies/netwo..." for RCS that describes a ton of things compliant apps have to do (many of which Google Messages does not seem to do, as far as I can tell) has no instructions at all to show users their keys or provide a common way to verify them (as far as I can tell). Client diversity provides a way to detect some attacks here, but there is currently almost no client diversity, and instead it seems to be shrinking towards just Google Messages, using Google's servers.