Wednesday, May 13, 2015 [Tweets] [Favorites]

Google Hangouts Don’t Use End-to-End Encryption

Lorenzo Franceschi-Bicchierai (via Nick Heer):

Apple has long maintained that conversations over iMessage and FaceTime use end-to-end encryption, meaning “no one but the sender and receiver can see or read them,” as the company said after the PRISM revelations. That claim has turned out to be partly true: normally, Apple can’t read your iMessages, but they can if they really want to.

[…]

We asked Google to clarify, or elaborate, on Monday, and a spokesperson confirmed that Hangouts doesn’t use end-to-end encryption. That makes it technically possible for Google to wiretap conversations at the request of law enforcement agents, even when you turn on the “off the record” feature, which actually only prevents the chat conversations from appearing in your history—it doesn’t provide extra encryption or security.

3 Comments

What is the difference between "can read if they really want" and "not encrypted end-to-end"?

"What is the difference between "can read if they really want" and "not encrypted end-to-end"?"

There is no difference, quite obviously. Both Google Hangouts and Apple's iMessage & FaceTime are unencrypted once they reach the company.

Apple just lied about it for quite a while to their customers, while Google didn't.

@Peter For transmission, iMessages are always encrypted end-to-end, but Apple is in charge of distributing the keys used for that encryption, so if they “really want” they could add an Apple/government key to the list of keys that your phone uses for encrypting the messages, and you’d be none the wiser. Also, as Chucky says, after transmission the backup is not secure. I would say that Apple did not exactly lie, but it made carefully crafted statements that were technically true but implied things that were not true. So I guess I would say that Apple deceived its customers. More here.

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment