Comment by jjtech
8 hours ago
Unfortunately, I think what a lot of people don't know is that RCS actually has "client authenticity verification"[1]... the RCS server has to actively approve any attempts for a client to connect, if it's Android/iOS/etc.
There are no standards for how this should be implemented: Google uses Play Integrity and Apple uses App Attest at the moment, with explicit proprietary support in the Jibe servers.
It's basically impossible for any solution that Google doesn't approve to function, because it's never going to be able to get App Attest/Play Integrity verification without relying on a jailbreak/vulnerability.
1. https://www.gsma.com/solutions-and-impact/technologies/netwo...
As an aside, the IMS stack used to implement SMS/MMS/RCS on Android is super cursed. A lot of the heavy lifting is handed off to the OEM; for example, Pixel devices hand it off to the Qualcomm modem. (Meaning Android, the OS, doesn't even have any control over how the raw SIP messages are sent: they're inside an IPsec tunnel set up by the modem, which the OS can't see inside.)
iirc Samsung devices do it differently and they implement it in userspace using StrongSwan?
That's why it's super annoying to handle SMS/MMS using the standard/legacy APIs, because depending on what device the user has, the implementation may behave radically differently with regards to PDU parsing and such.
RCS makes the whole situation worse because it sets up an entire secondary IMS stack inside the Google Messages app, and then uses weird APIs to try to tie it back into the main stack, even though obviously the modem implementation doesn't understand RCS... it's a mess.
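What the "server has to actively approve the client" step looks like on the server side, as an added example that is not part of this thread and is not code from Google, Apple or the Jibe servers: a Python policy check over an already decoded Play Integrity verdict. It assumes the JWE decryption and JWS signature check against Google's keys have already been done (that step is where the trust comes from and is not modelled here), uses the documented decoded-verdict field names, and the package name, certificate digest, nonce, freshness window and the three sample verdicts are all constructed for the example.

```python
"""Server-side policy check over a decoded Play Integrity verdict.

Added illustration for this thread; not code from the comment author,
Google, or Jibe.  Assumes the token has already been decrypted (JWE) and
signature-verified (JWS) against Google's keys, which is where the trust
actually comes from and is not modelled here.  Field names follow the
documented decoded-verdict layout; all values below are constructed.
"""
from __future__ import annotations

# Hypothetical RCS client identity the server expects (constructed values).
PACKAGE = "com.example.rcsclient"
CERT_DIGEST = "Y29uc3RydWN0ZWQtc2lnbmluZy1jZXJ0LWRpZ2VzdA"   # constructed
NONCE = "c2VydmVyLWlzc3VlZC1jaGFsbGVuZ2UtMDAxMg"            # constructed
NOW_MS = 1_700_000_000_000
MAX_AGE_MS = 5 * 60 * 1000  # assumed freshness window for a verdict


def evaluate_verdict(verdict: dict, *, package_name: str, cert_sha256: str,
                     expected_nonce: str, now_ms: int,
                     max_age_ms: int = MAX_AGE_MS) -> list[str]:
    """Return the list of policy failures; an empty list means accept."""
    failures: list[str] = []

    req = verdict.get("requestDetails", {})
    # Bind the verdict to *this* request: package, server-issued nonce, freshness.
    if req.get("requestPackageName") != package_name:
        failures.append("request package mismatch")
    if req.get("nonce") != expected_nonce:
        failures.append("nonce mismatch (replayed or foreign token)")
    ts = req.get("timestampMillis")
    if not isinstance(ts, int) or ts > now_ms or now_ms - ts > max_age_ms:
        failures.append("stale or future timestamp")

    app = verdict.get("appIntegrity", {})
    # PLAY_RECOGNIZED means the APK matches what Play distributed; pinning the
    # signing certificate additionally rejects a repackaged build with a new key.
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        failures.append("app not recognized by Play")
    if app.get("packageName") != package_name:
        failures.append("app package mismatch")
    if cert_sha256 not in app.get("certificateSha256Digest", []):
        failures.append("unexpected signing certificate")

    dev = verdict.get("deviceIntegrity", {})
    labels = set(dev.get("deviceRecognitionVerdict", []))
    # Rooted or bootloader-unlocked devices typically get no labels at all, or
    # at most MEETS_BASIC_INTEGRITY; require the hardware-backed device label.
    if "MEETS_DEVICE_INTEGRITY" not in labels:
        failures.append(f"device integrity not met: {', '.join(sorted(labels)) or 'none'}")

    return failures


# Constructed sample verdicts (decoded payloads, not real tokens).
GENUINE_VERDICT = {
    "requestDetails": {"requestPackageName": PACKAGE, "nonce": NONCE,
                       "timestampMillis": NOW_MS - 30_000},
    "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED",
                     "packageName": PACKAGE,
                     "certificateSha256Digest": [CERT_DIGEST],
                     "versionCode": "4213"},
    "deviceIntegrity": {"deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY",
                                                     "MEETS_BASIC_INTEGRITY"]},
    "accountDetails": {"appLicensingVerdict": "LICENSED"},
}

# Same untouched app, but on a rooted/unlocked device: no device labels, so the
# client is refused even though the APK itself is genuine.
ROOTED_VERDICT = {**GENUINE_VERDICT,
                  "deviceIntegrity": {"deviceRecognitionVerdict": []}}

# A valid token captured earlier and presented against a new server challenge.
REPLAYED_VERDICT = {**GENUINE_VERDICT,
                    "requestDetails": {"requestPackageName": PACKAGE,
                                       "nonce": "b2xkLWNoYWxsZW5nZQ",
                                       "timestampMillis": NOW_MS - 3_600_000}}


def check_client(verdict: dict) -> list[str]:
    """Evaluate a decoded verdict against the hypothetical RCS server policy."""
    return evaluate_verdict(verdict, package_name=PACKAGE, cert_sha256=CERT_DIGEST,
                            expected_nonce=NONCE, now_ms=NOW_MS)


if __name__ == "__main__":
    for name, v in [("genuine", GENUINE_VERDICT), ("rooted", ROOTED_VERDICT),
                    ("replayed", REPLAYED_VERDICT)]:
        problems = check_client(v)
        print(f"{name:9s} -> " + ("ACCEPT" if not problems else "REJECT: " + "; ".join(problems)))
```

The point the thread makes falls out of the last check: a third-party client, or the stock client on a rooted phone, can present a perfectly well-formed token, but the device-integrity label is decided by Google from the hardware-backed attestation, not by anything the client controls, so a server that requires it has an allow-list of clients that only Google can extend.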
> Pixel devices hand it off to the Qualcomm modem.
Older ones maybe, newer ones use Samsung Shannon modems.
> iirc Samsung devices do it differently and they implement it in userspace using StrongSwan?
Just to be cursed, the entire IMS stack for Samsung on both qcom and exynos is custom. It's why no custom ROMs have support for VoLTE on their devices. They also had their own RCS that they sunset in favor of Google Messages.
Apple's implementation is cursed too: not only did they use an older specification, but they didn't fully implement the required responses to registration issues. I wrote about it here: https://wt.gd/working-rcs-messaging
> never going to be able to get App Attest/Play Integrity verification without relying on a jailbreak/vulnerability.
Even with jailbreak/rooting, hardware attestation is nearly impossible to spoof.