I assume you are referring to End to End Encrypted (E2EE) messaging apps here. I’m no programmer/developer/software engineer and I’ll be the first to admit that I don’t know a ton about how most apps work on the backend. That being said, my understanding is that E2EE apps decrypt whatever is being transmitted to them when they get to your device (assuming phone here) (of course it would decrypt it, otherwise how would you make sense of the information?). Once the data is on your phone, it is decrypted. From what I understand, sandboxing apps is not all that robust on Android (at least on “mainstream” versions)
Therefore, the data that was Encrypted from End to End was decrypted at the End and therefore accessible by other applications and processes on your phone. Unless Android sandboxing has improved greatly in the last few weeks.
You’re right that the e2ee part is only about protecting the data while in transit, but that is because it’s the hardest part. Apps can also store the data in an encrypted format so that other apps won’t be able to read it.
If the Apple security decision in the UK is anything to go by as well as the Trump administration in the US pushing hard for government backdoors in cloud storage and messaging apps, which has been asked for for a long time but didn’t have much chance of getting past court oversight in the US until the Supreme Court was so corrupted, then likely this is going to be a way that governments can enforce the idea of having encrypted data transmissions to keep data out of the hands of foreign hackers, but still have corporate backdoors that allow governments to access the unencrypted data. That’s exactly what the UK said the Apple thing was supposed to help with. Of course data is only as secure as the weakest link and corporations are often much easier targets than individual users anyway. So it has the same result, but it appeases the majority who don’t get it.
https://support.google.com/product-documentation/answer/15669061?hl=en
Provides a single process that can be used by all message apps so that they don’t need to implement backdoors into all of them?
Worried I’m getting a bit too paranoid, but…
Why backdoor the messaging apps when you can just monitor the entire OS?
Having control over the OS doesn’t help if the OS doesn’t understand the app’s data.
If only there was an AI that monitors everything going on on the device which they could force onto everyone
I assume you are referring to End to End Encrypted (E2EE) messaging apps here. I’m no programmer/developer/software engineer and I’ll be the first to admit that I don’t know a ton about how most apps work on the backend. That being said, my understanding is that E2EE apps decrypt whatever is being transmitted to them when they get to your device (assuming phone here) (of course it would decrypt it, otherwise how would you make sense of the information?). Once the data is on your phone, it is decrypted. From what I understand, sandboxing apps is not all that robust on Android (at least on “mainstream” versions)
Therefore, the data that was Encrypted from End to End was decrypted at the End and therefore accessible by other applications and processes on your phone. Unless Android sandboxing has improved greatly in the last few weeks.
Applications like signal are encrypted at rest on your device as well - https://security.stackexchange.com/questions/277330/how-does-signal-protect-data-on-the-device-from-unauthorized-access
You’re right that the e2ee part is only about protecting the data while in transit, but that is because it’s the hardest part. Apps can also store the data in an encrypted format so that other apps won’t be able to read it.
If the Apple security decision in the UK is anything to go by as well as the Trump administration in the US pushing hard for government backdoors in cloud storage and messaging apps, which has been asked for for a long time but didn’t have much chance of getting past court oversight in the US until the Supreme Court was so corrupted, then likely this is going to be a way that governments can enforce the idea of having encrypted data transmissions to keep data out of the hands of foreign hackers, but still have corporate backdoors that allow governments to access the unencrypted data. That’s exactly what the UK said the Apple thing was supposed to help with. Of course data is only as secure as the weakest link and corporations are often much easier targets than individual users anyway. So it has the same result, but it appeases the majority who don’t get it.
And with it unified, it’s easier to tie multiple online identities back to which one single person they all are.