There is No Substitute for True End-to-End Encryption in Mobile Messaging Platforms


Last month, Google announced that it had enabled end-to-end encryption (E2EE) in Messages for Android in a bid to compete with Apple iMessage. While much was made of this announcement, the E2EE in Google Messages is underpinned by the RCS protocol, which is not end-to-end encrypted.

In fact, research by Security Research Labs found that “the provisioning process for activating RCS functionality on a phone is badly protected in many networks, allowing hackers to fully take over user accounts by stealing RCS configuration files that include SIP and HTTP credentials.” The research also revealed that “the most widespread RCS client (Android Messages) does not implement sufficient domain and certificate validation, enabling hackers to intercept and manipulate communication through a DNS spoofing attack.”

When it comes to secure enterprise communication and collaboration, there really is no substitute for true E2EE.

Today, as enterprises turn to messaging and collaboration apps to support hybrid and remote working models, organizations are worried about the security vulnerabilities of many of these apps. A Nucleus Cyber 2021 State of Remote Work Report revealed that 46% of those surveyed considered sensitive data leaving the perimeter as one of the top challenges of managing a remote workforce. Collaboration applications were also found to be a top security concern for security leaders, including file sharing (68%), video conferencing (45%), and messaging (35%).

Recent cybersecurity incidents involving two popular collaboration platforms are increasing these concerns.

A data breach involving game developer Electronic Arts (EA) was reportedly due to a Slack API exploit that allowed hackers to gain access to a Slack account and steal source code for some games as well as other company data.

In April, security firm Tenable found a flaw in Microsoft Power Apps that could allow attackers to steal emails, Teams messages and OneDrive files. Microsoft recently patched this vulnerability.

Taking a patchwork approach to security as vulnerabilities in these and other collaboration apps continue to surface is not the answer for protecting sensitive company data and intellectual property.

True E2EE is the answer.

In true E2EE, data is encrypted on the sender's system or device, and only the intended recipient is able to decrypt and read the message. True E2EE provides uninterrupted security for data at rest and in transit, which keeps messages secure from prying eyes and prevents messages from being tampered with or altered.

True E2EE is not found in RCS messaging through Google Messages and it is not found in Slack or Microsoft Teams. It is found in NetSfere.

NetSfere’s approach to E2EE is comprehensive, not patchwork. With E2EE across every device, NetSfere allows employees to share information without jeopardizing the integrity of sensitive data. All NetSfere conversations are encrypted by default. Our industry-leading secure messaging platform combines enterprise-grade E2EE with advanced algorithms, protecting data and information as it is transmitted from device to device.

There is no substitute for true E2EE, and to secure enterprise mobile messaging and collaboration, there is no substitute for NetSfere.