To use end-to-end encryption in Messages, you and the person or group you message must both:
- Use the Messages app.
- Have RCS chats turned on.
- Use data or Wi-Fi for Rich Communications Services (RCS) messages.
- Text messages are dark blue in the RCS state and light blue in the SMS/MMS state.
- End-to-end encryption is automatic in eligible conversations.
- You’ll get a banner that says “ Chatting with [contact name or phone number]” when end-to-end encryption is active in a conversation. Your messages will also include a lock on the send button. The timestamps of end-to-end encrypted messages also have a lock .
Important: End-to-end encryption isn’t available for SMS/MMS messages.
How end-to-end encryption works
When you use the Messages app to send end-to-end encrypted messages, all chats, including their text and any files or media, are encrypted as the data travels between devices. Encryption converts data into scrambled text. The unreadable text can only be decoded with a secret key.
The secret key is a number that’s:
- Created on your device and the device you message. It exists only on these two devices.
- Not shared with Google, anyone else, or other devices.
- Generated again for each message.
- Deleted from the sender's device when the encrypted message is created, and deleted from the receiver's device when the message is decrypted.
The Messages delivery server, and any person or third-party who might gain access to data for messages and content sent between devices, won’t be able to read end-to-end encrypted messages because they don’t have the key.
Each end-to-end encrypted conversation has a unique verification code. This code must be the same for you and your contact to verify that your messages are end-to-end encrypted.
Tip: As an added measure, you can make sure you and your contact have the same verification code.
You can learn more in the Messages end-to-end encryption technical paper.
How to tell when end-to-end encryption is on
If you have a lock on the send button when you compose a message and next to the message’s timestamp, end-to-end encryption is used.
If you or your contact lose RCS chats, end-to-end encryption is no longer possible for messages you send or receive. If that happens, you won’t have a lock next to the timestamp of the conversation's latest message or on the send button when you compose a message.
You’re in controlConversations default to end-to-end encryption
Once a conversation becomes end-to-end encrypted, it won’t revert to SMS messages unless you or your contact lose or disable RCS, or switch to a new phone or operating system. End-to-end encrypted messages can only be delivered over data or Wi-Fi. If you or the person you’re messaging lose data or Wi-Fi, you’ll also lose RCS.
You can send an SMS instead, or wait until you or the person you’re messaging gets RCS again.Note: SMS/MMS messages are not end-to-end encrypted.
End-to-end encryption is automatic in eligible conversations, so Messages won’t disable other features that help with your message experience, like Google Assistant suggestions, spam detection, and automatic previews.
Note: Automatic previews and link previews work with end-to-end encrypted messages, but your privacy is protected by decoupling the previewed content from user identifiers like your name or phone number. You can change your Messages settings and notifications.
With your permission, some Google and third-party apps can access your messages to provide seamless companion experiences like when you restore your messages to a new phone or app, or when you send message notifications to your home device, smartwatch, or car.
When end-to-end encrypted messages are received on your phone, they’re also included in Android backup and accessible to apps you’ve granted SMS or notifications permissions to. You can manage which apps can access your messages.