Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreig6jgxidmbhquawx3rnoopn72xlktoz6b73ogtxspd6a5zvb45bry",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mj7xzdpdje42"
  },
  "path": "/t/is-ios-grapheneos-worth-it-if-losing-imessage/34931?page=4#post_63",
  "publishedAt": "2026-04-11T13:41:24.000Z",
  "site": "https://discuss.privacyguides.net",
  "textContent": "I have a strong opinion about this.\n\nFirst, using a phone number to text is bad in a variety of ways, no matter how you slice it, no matter the protocol. Best practice is to get as many people as possible on a FOSS, E2EE, ZAE instant messenger such as Signal. Your phone number is there as a catch-all for everything else: the stubborn/tech illiterate friends/family, businesses, MFA, etc.\n\nI think we all understand this to an extent, and most people here will certainly know many of the details I’m about to hammer out, but I will hit every point for completion’s sake, and to emphasize that iMessage is just as untrustworthy as SMS in a practical sense, and there are privacy gains to using an open standard like SMS, if you work for it.\n\nLet’s talk protocols. SMS has been the universal open text messaging standard for decades. MMS is the universal open standard to text media, such as photos. Both of these standards are unencrypted in transit & at rest, and can be stored by your mobile carrier indefinitely. These days, it is usually deleted after delivery, with metadata being stored for a year to 7 years, depending on carrier.\n\nThese days, we have iMessage & RCS, which are meant to replace SMS & MMS. Both are E2EE, and have additional features such as longer messages, editing messages, higher quality media, delivery confirmation, typing indicators, read receipts, emoji reactions, and more functional group chats. This is because they are internet based instead of a true successor to SMS/MMS, but unlike WhatsApp for example, you can still message phone numbers outside of the “ecosystem” of the app, sometimes using a different protocol.\n\nRCS was developed mainly by Google, and is marketed as an open standard. In practice, it is proprietary: it only works with Google Messages on Android, or iMessage on iOS. Both Google & Apple’s implementation of RCS is less than stellar, often falling back on SMS, most often when messaging from iOS to Android, but sometimes between Android users too, for no discernable reason. It is very much a work in progress. Android to Android RCS is encrypted at rest in Google’s servers, and supposedly deleted after delivery. iOS to Android (and vice versa), however, is not E2EE, nor is it encrypted at rest, with no way to turn it on, meaning it would be accessible to & potentially stored by Google, Apple, and your mobile carrier. Supposedly it is encrypted in transit, meaning it would not be susceptible to interception by bad actors the same way SMS/MMS is. Android phone backups (including all your messages) are encrypted. Metadata is not encrypted at any point, in any situation, and can be seen by Google, Apple, and your mobile carrier if you are messaging from Android to iOS (or vice versa).\n\niMessage the protocol only works between Apple devices. Additionally, the iMessage app will use RCS instead of the iMessage protocol when messaging Android phones that support RCS, or it will use SMS/MMS if the receiving app doesn’t support RCS. For any protocol, messages are not encrypted at rest on Apple’s servers, unless you turn on Advanced Data Protection for iCloud backups. Messages are deleted after delivery. But then there are phone backups, which are on by default, including all your messages, and as mentioned, not encrypted by default. Even if you individually make sure encryption is on for your account, most people will not, including the people you message: remember, text messaging is only for people who cannot be bothered to care enough to download something like Signal. In practice, if you use or message someone with an Apple device, a record of at least some of your messages is kept by Apple unencrypted on their servers indefinitely, for all standards: iMessage, RCS, and SMS/MMS. Your mobile carrier will not be able to see or record iMessage to iMessage, but can for the others. iMessage to iMessage metadata is sent through Apple’s servers, which hides it from your mobile carrier, but not from Apple, who retains it for 30 days in normally circumstances, but can do so indefinitely.\n\nRCS, Google Messages, Google Drive, iMessage, the iMessage app, and iCloud are all closed source. So Google and/or Apple may have a backdoor to access anything stored on their servers: there is no way to verify that they do not. Nor, for that matter, is there any way to verify that their messages are even encrypted, or deleted after delivery. I realize this sounds like a crackpot theory, but the reality is we just don’t know. It COULD be this whole thing is a psyop to convince us to move to more “trusted” closed standards.\n\nOn paper iMessage & RCS are more secure. In practice, when looking at the end result, it is pretty similar to SMS/MMS, especially when messaging between phone types. iMessage/RCS may be (relatively) more private more OFTEN, but has the same problems as SMS/MMS, and ultimately cannot be trusted.\n\nLet’s talk more about SMS security. SMS has been more vulnerable to interceptions through scanning certain frequencies historically, but a lot of this risk has been mitigated in recent years by security measures on LTE & 5G networks. So in practice, intercepting SMS over the air with a scanner does not happen anymore. Carriers could potentially read your messages, make no mistake, as well as Google & Apple, but SMS is not just “out there”. SMS is most vulnerable to social engineering, such as SIM card swapping, phishing, and malware installed on your phone. This is irrelevant to the iMessage/RCS vs SMS debate, since iMessage/RCS is no less vulnerable to social engineering attacks, and MFA will always be sent through SMS anyway.\n\nBoth iPhone & Android recently implemented features to scan all texts to detect nude images sent or received from their respective messaging apps, “to protect the children”. This is supposedly done “locally by an Ai” and not reported back to Google & Apple, but I find this hard to believe. Local Ai takes a lot of horsepower that mid range Androids are simply not going to have. It is important to note that there is no hard evidence for this, but based on this knowledge, I suspect that Google & Apple may be scanning all your messages in general that are at rest on your device, then “phoning home” back to their servers if certain keywords or images are noticed. If true, this would still be true of iMessage/RCS, since it is no longer encrypted once it is delivered your device: otherwise you couldn’t read it.\n\nStill, our conclusion so far is that SMS/MMS is worse due to lack of modern features, even if privacy/security is pretty similar. But…what if, through the power of being an open standard, we could gain some additional features of our own that protect our privacy more?\n\nPaying for a VoIP provider is the way to get those features. The phone number is provided by a third party provider. Voice, SMS, and MMS are routed over the internet through your VoIP provider using an app that works as a client for their service. This can be done on desktop too, which can side step the surveillance state of phones in general. SIM swapping does not work because you do not use the phone number on your SIM for phone calls or messages, only for the internet access. You can sign up & pay for some mobile carriers anonymously, not use the SIM number, and therefore your location data is not tied to you. Websites are able to scan the phone number on your SIM, but again, this is not tied to you because you do not use it, and you can pick an area code that is far away from you. You can even pay for multiple numbers.\n\nGoogle & Apple are unlikely to be able to mass scan a separate, sandboxed app than they are able to scan their own default messaging app. If they’re able to read anything on any app & report back, we are screwed in a number of ways, but even then there are ways around it such as GrapheneOS not requiring Play Services and being able to sandbox Play Services itself even if you install it. This extra barrier is nice, but irrelevant, since the true threat is the people you message unwittingly allowing Google, Apple, and mobile carriers access, and that is pretty much unavoidable for the use case of regular phone calls and text messaging, as previously mentioned.\n\nThese are best practices for this approach:\n\nBuy a new phone, not attached to anyone else. Sign up for a mobile carrier such as Mint Mobile or US Mobile. This usually requires an app to activate your eSIM. VPN connections will usually flag you, so I recommend public Wi-Fi. Give a fake name, and the address of a nearby hotel. Make sure it is the same zip code & city as your home, in order to comply with tax laws. Remember, they’ll have your approximate location history anyway, no need to cause trouble with the law. Pay as anonymously as possible. Cryptocurrency or cash if possible (unlikely), a virtual credit card, or a Visa Gift card that you bought with cash (don’t use the Visa Gift Card for any other purchases, shred it after). You can usually get good deals if you pay a year in advance, and this allows you to delete the app after, which probably has trackers. If you are using GrapheneOS you can install it on its own profile first so it won’t get your app install data. You can activate a new eSIM after a year to continue getting new customer deals. You don’t care about your SIM number, and it will obfuscate your location history if you switch occasionally. If you don’t have an eSIM, or switch phones a lot, SIM cards work fine, but be careful. Mint Mobile sells SIM cards in stores such as Best Buy, so you can pay with cash. I would not pay for a SIM card online, nor would I ship it to my house.\n\nFor the VoIP provider, many are obligated to gather a lot of personal information for KYC (Know Your Customer) laws. This is actually not that bad. A phone number that you use will quickly become public knowledge to anyone who cares to have it. Even for non-KYC VoIP providers, you will have to provide your name & billing address listed with your old carrier if you are porting your old phone number to VoIP, which is a good idea to do unless you’re trying to disappear. Personally, I use GrapheneOS + JMP.chat since it is a good value, has a good app, good features, doesn’t require KYC, and is connected to Jabber which uses XMPP in case you happen to message people that use that protocol you’ll have E2EE.",
  "title": "Is iOS -> GrapheneOS worth it if losing iMessage"
}