The mobile texting SMS standard turns 30 this year, and insecurity and outdated features are holding the world back. Here’s why you should remove SMS ASAP.
Brief background about SMS
SMS stands for “Short Message Service”. It is a mobile text messaging standard that is supported in most mobile phones around the world. It originated in Europe beginning in 1984, although it didn’t first appear on the market until 1992. However, SMS is up to 30 this year, and is far past its on-sale date.
While hundreds of millions of people use SMS every day, in the US we often hear about SMS in the context of Apple and how the Messages app colors SMS bubbles green, as opposed to blue ones. But the issues with SMS are much deeper than that, as we will see below.
SMS are subject to monitoring
SMS is not encrypted, and mobile carriers can see the contents of each SMS without needing any special permission to do so. Often, carriers keep a log of your SMS for law enforcement purposes, and your SMS can be subject to a subpoena in civil cases such as divorce. Also, governments can easily collect and search them.
To address this privacy issue, many people use private online messaging apps like iMessage or Signal that use end-to-end encryption. With these services, the companies running the messaging services cannot (in most cases) intercept the messages, and the messages travel over Wi-Fi or a cellular data plan rather than the SMS network. Relying on SMS makes everyone less private and secure.
SMS is not safe for 2FA
Two-factor authentication, or “2FA” for short, is a way to verify your identity using two different verification methods simultaneously. For example, to log into a website, you can enter a password and receive a code via an SMS text message sent to your cell phone number.
While using SMS-based 2FA is better than not using two-factor authentication at all, it has its problems. One of the main reasons is that it shifts the burden of your account security to your cell phone company. If someone knows your cell phone number and your Social Security number, they will likely convince an employee of your carrier to transfer your cell phone number to a new device so they can receive your 2FA codes. This has happened quite a bit in the past.
Another problem with using SMS for 2FA is the same as above: Governments and cellular carriers can intercept SMS, which is a problem in countries with governments that may use the information to target opponents’ online accounts, which is what happened in Iran.
Also, there are other privacy issues with giving out your phone number, such as using Facebook to help people find you. Instead of using SMS for 2FA, consider using an authentication app instead, such as Authy.
Related: How to set up Authy for two-factor authentication (and sync your tokens between devices)
SMS traps you in group chats
SMS provides no way to leave group chats – or for the person who created the group to remove group members who may be misbehaving. As a result, if you are restricted to a group SMS text message, you are stuck unless all of the group participants stop replying to the group text messages.
Proprietary text messaging services (like Apple’s iMessage) usually provide ways to leave group chats, but these are not as industry-wide as SMS. Fortunately, the new standard RCS (which we’ll talk about below) solves this problem by including both the ability to leave group texts and modify chat group membership. It’s a very late upgrade that can only happen if we all give up on SMS.
SMS costs extra money
While many people have unlimited texting plans these days, it’s not universal. Carriers still make a lot of money by charging extra for SMS messages, and that’s one reason why alternative Internet-based texting services are so popular: they help you chat for free, which is a reasonable request in this day and age if you pay Already charge a cellular and mobile data plan.
Related: How to cancel texting and texting fees for free
SMS has been replaced by RCS
Since 2018, companies like Google have supported a new SMS standard called Rich Communication Service, or “RCS” for short. The Remote Control System (RCS) improves SMS by allowing high-resolution images, adding features such as read receipts and showing when the other person wrote a reply, adding the ability to leave group chats and modifying members of group texts, among other features.
On the downside, RCS isn’t encrypted by default (although Google added its own encryption in Messages), and it’s still sent over the carrier-controlled mobile network, so it’s vulnerable to interception and storage by carriers, governments, and the law is mandatory. However, switching to RCS as a baseline would greatly improve the texting features for hundreds of millions of people around the world.
What should I use instead of SMS?
If you are a cellular carrier or a mobile phone manufacturer, it should fully support RCS, which will allow SMS to be turned off eventually. At the moment, Apple is a particularly prominent company, and it does not support RCS on the iPhone. Google supports RCS with encryption in its Messages app, which can run on Android.
If you are an individual who wants maximum privacy in your text communications, we recommend Signal, which has fairly broad support. Hopefully, in the future, the industry will agree to a global standard for encrypted text messaging that could replace both SMS and RCS. But for now, it’s time to retire SMS. It’s been a good run, but times are changing, and so are we.