In the wake of China’s hack of US telecoms, already dubbed the worst in history, FBI and CISA officials are warning users to rely on encrypted messaging platforms.
China perpetrated the “worst telecom hack” in US history, an operation carried out by a group called Salt Typhoon. The group hacked some of the nation’s biggest providers, including both Verizon and AT&T, to surveil persons of interest. To date, much of the surveillance has been centered around the D.C. area, but there’s no limit to whom the group could surveil among the impacted telecom customers. While security experts and law enforcement have been working to oust Salt Typhoon from the telecoms, the efforts have had mixed success.
According to NBC News, an unnamed senior FBI official and Jeff Greene, an executive assistant director for cybersecurity at CISA, are warning that consumers should rely on encrypted communication methods to ensure China cannot listen in on conversations or read texts.
“Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible,” Greene said.
What This Means for iOS/Android Communication
Unfortunately, the FBI and CISA’s recommendation to use encrypted communication means that Apple and Android users should not rely on the new RCS messaging when communicating with each other.
RCS is the successor to basic SMS text messaging and supports end-to-end encryption (E2EE)—but only when communicating with other Android users. While Apple has implemented RCS in the latest version of iOS, giving cross-platform users read receipts, high-definition media, and better group admin, E2EE does not work when communicating between Android and iOS. While Apple and Google are working to implement E2EE, it’s not yet available, and there’s no concrete date for when it will be.
As a result, until cross-platform RCS provides the needed security, or until Salt Typhoon is successfully ousted from telecoms, Signal or WhatsApp are far better options for cross-platform communication. Importantly, both options provide text and voice capabilities.
The Irony of the FBI Recommending Encryption
It should also be noted that there is a tremendous amount of irony in the FBI recommending users rely on E2EE.
The FBI has traditionally argued against E2EE, saying it makes it harder for law enforcement to do its job and catch criminals. The agency has argued that companies should build backdoors into E2EE platforms so law enforcement can access encrypted communications when they want/need to.
In contrast, privacy and security experts have long maintained that E2EE is a vital part of modern communications, and that banning it or forcing backdoors would be detrimental to all users, including law-abiding ones. Without E2EE, government officials, journalists, activists, and countless others would be vulnerable to their communication being read by others. What’s more, there is simply no way to implement a backdoor into encryption for the “good guys” without a significant risk of the “bad guys” finding and abusing it.
Ultimately, the FBI endorsing E2EE communication methods to prevent Chinese hackers from accessing user communications is the single biggest argument for why E2EE should never be weakened, backdoored, or abandoned.
Conclusion
In the meantime, users should take the FBI and CISA warning seriously and switch to Signal or WhatsApp until the Salt Typhoon situation is resolved.
Beyond Salt Typhoon, the current situation underscores why encrypted communication methods should be the default for all users in all situations. The argument that “I’m not doing anything wrong, so I don’t have anything to hide” is not a valid reason to not take basic precautions.
All users—including law-abiding ones—should rely on E2EE communication methods. Unfortunately, for Android and Apple users, that means avoiding RCS until the two companies deliver on their promise to secure cross-platform chats with E2EE.