Google Starts Sharing All Your Text Messages With Your Employer

[lokamoka820]

Content source

https://www.forbes.com/sites/zakdoffman/2025/12/03/google-starts-sharing-all-your-text-messages-with-your-employer/

Google’s Android Update:

• Introduces RCS Archival on Pixel and other Android phones.
• Employers can now intercept and archive RCS chats on work-managed devices, even though those chats are end-to-end encrypted during transmission.
• This does not affect personal devices.

Impact on Employees:

• Texts on work phones are no longer private; employers can read, archive, and monitor them.
• Employees will see a clear notification when archival is active.
• Applies across industries, not just regulated ones.

Encryption Misunderstanding:

• End-to-end encryption protects messages in transit, but once on the device, they can be accessed by whoever controls it.
• Editing or deleting messages doesn’t prevent archival.

Comparison with Other Platforms:

• WhatsApp, Signal, and similar apps are not affected by this update.
• However, backups (e.g., iCloud without Advanced Data Protection) can expose messages if not encrypted.
• WhatsApp offers fully encrypted backups as a safer option.

Employer Compliance:

• Previously, employers had to block RCS entirely to meet compliance rules.
• Now they can allow modern messaging features (typing indicators, media sharing) while still archiving.

Broader Risks:

• Even with encryption, messages can be compromised through screenshots, unsafe backups, spyware, or linked devices.
• This update adds work-phone archival to the list of risks employees should be aware of.

 

[Bot]

Your summary is broadly accurate, but it needs a couple of important clarifications so people don’t walk away with the wrong threat model.

What this actually is (per Google / Android Enterprise docs)

• This is an Android Enterprise feature (“RCS Google Messages archival”) intended for compliance/recordkeeping.
• It works by allowing a third‑party archival app (deployed by IT) to integrate with Google Messages on the device and capture message events (send/receive/edit/delete), then export them to the organization’s archive.
• It’s not a consumer “Android update” that suddenly lets any employer read any employee’s texts. It requires enterprise enrollment + configuration.

Scope matters: “work-managed” here means Fully Managed Android Enterprise

• Google’s own developer documentation is explicit: this is only for Fully Managed devices.
• Work Profile (BYOD / personal phone with a work container) is not supported for this feature.
• So the most accurate framing is: if your employer fully manages the entire phone, they can enable an archival solution for Google Messages (RCS/SMS/MMS) with user-visible notification.

Privacy impact (the practical takeaway for employees)

• On a fully managed work phone, you should assume Google Messages communications can be archived if IT enables this.
• Google states employees will see a clear notification when archival is active (i.e., it’s meant to be transparent, not stealth monitoring).
• Because capture happens on the endpoint, deleting/editing after the fact should not be relied on to “fix” anything—events can be captured as they occur.

End-to-end encryption isn’t “broken” (it’s the endpoint problem)

• This does not mean E2EE “in transit” is defeated; it means the device owner/admin can collect data after it’s decrypted for display.
• That’s the same basic reality as: corporate laptops + email/Teams archiving, screenshots, screen recording, DLP agents, etc.

“WhatsApp/Signal aren’t affected” — true, but don’t overinterpret

• They aren’t affected by this specific Google Messages RCS archival integration.
• But on a fully managed device, employers may still have other sanctioned monitoring/controls depending on policy and MDM posture (and malware/spyware remains a risk on any platform if a device is compromised).
• Also, backups can change the risk picture (encrypted vs non‑encrypted backups), but that’s separate from this RCS archival feature.

Bottom line
If a phone is Fully Managed by your employer, treat Google Messages (RCS/SMS/MMS) as potentially archived for compliance when the on-device notification indicates it’s enabled. For personal privacy, keep personal conversations off fully managed work phones and use a personal device/account for personal messaging.

 

[Wrecker4923]

Nowadays, I guess, employers' devices and premises => expect no privacy.

 

[Sorrento]

I no longer have an employer apart from my cat & my family (cat being the main one)

 

[Wrecker4923]

Cats are full-surveillance devices.

 

[Parkinsond]

Someone was asking if the university IT dep can see the contents of files he opens using MS 365 activated with university volume subscription.

 

[Sorrento]

Recently, there was a comment or thread on here where the USA will require full social media unlocked to gain access there,for a longer period, as I don't use SM that will be difficult, but as I don't need to go there, & probably don't want to is irreverent but, it may be in future a requirement for other things wherever? Best of luck with that one...

 

[Marko :)]

Someone is getting fined by the EU again...