[Update: Samsung Only] Google Messages has a hidden RCS API for third-party apps

[Update: Samsung Only] Google Messages has a hidden RCS API for third-party apps

Update 2 (07/09/2021 @ 4:49 PM ET): We have learned that this RCS API is currently not intended for use by third-party apps. Click here for more information.

Previous updates

Update 1 (07/09/2021 @ 02:53 PM ET): We’ve updated the article with information that the API can only be found in the Samsung-exclusive version of the Google Messages app. Click here for more information.

RCS, which stands for Rich Communication Services, is generally seen as the successor to SMS. It supports features like group chat management, higher quality file shares, read receipts, typing indicators, and end-to-end encryption. In order to use the RCS protocol for chats, it has to be supported by the network, the phone’s OS, and the phone’s messaging app through an API. American carriers dragged their feet for too long in adopting RCS, so Google bypassed them entirely and added their own RCS backend to the Google Messages app. However, on Android, only the Google Messages app can access Android’s RCS API. That could change if Google opens up its “Android Messages API.”

Back in 2019, we learned that Google was working on adding an RCS API. Sadly, the APIs were hidden from developers and can only be used by apps on a hidden allowlist — which includes the Google Messages app. While the Google Messages app has gotten a lot better lately, it’s still being updated with basic features you’ll found in plenty of other text messaging apps for Android. The problem with switching to one of those other apps is that you won’t be able to send messages over RCS, so you’ll lose out on all the features we talked about above. However, we found evidence that Google has an unpublicized “Android Messages API” that lets any third-party text messaging app send SMS/MMS/RCS messages using Google Messages.

An APK teardown can often predict features that may arrive in a future update of an application, but it is possible that any of the features we mention here may not make it in a future release. This is because these features are currently unimplemented in the live build and may be pulled at any time by the developers in a future build.

When Google Messages rolled out today on Google Play, we decoded the APK and discovered the following strings in its resources:

<string name="external_messaging_api_description">With this permission the app will be allowed to send SMS/MMS/RCS using Android Messages. It will have an access to send messages without any extra approvals.</string>
<string name="external_messaging_api_label">Permission to send SMS/MMS/RCS messages using Android Messages API</string>

These strings clearly describe a permission that third-party messaging apps can request to be able to send SMS, MMS, or RCS messages through the Google Messages app. Within the Google Messages app’s Manifest file, we also found the permission that messaging apps will have to declare:

<permission android:description="@string/external_messaging_api_description" android:label="@string/external_messaging_api_label" android:name="com.google.android.apps.messaging.EXTERNAL_MESSAGING_API" android:permissionGroup="android.permission-group.SMS" android:protectionLevel="dangerous"/>

The permission type is listed as “dangerous”, which means that it won’t be granted to a requesting app without a confirmation being displayed to the user. This is also hinted at in the strings embedded above, which state that an app that holds the permission can “send messages without any extra approvals”, implying that approval has to be given initially. The permission is grouped under the SMS category, which makes sense since it’s only intended to be used by messaging apps.

While we were hoping to see Google open up the Android platform’s RCS API, there’s potentially one big advantage to having Google Messages handle message routing. This could mean that all RCS messages sent through a third-party messaging app will use Google’s Chat service, which is thus far the most widely used RCS implementation since none of the carriers’ versions have taken off.

We haven’t found an announcement from Google on this Android Messages API yet, but we’re hoping to see it opened up soon. Third-party text messaging apps are at a disadvantage right now since they lack RCS support, but this API will mean you can use your favorite text messaging app and enjoy the benefits of RCS. Of course, the third-party text messaging app will have to actually implement the new API, but it doesn’t look like it’ll be too difficult to implement.

Messages
Messages
Developer: Google LLC
Price: Free

Update 1: API only found in Samsung version of the app

Shortly after we published this article, we learned that the strings and Manifest entry for the Android Messages API can only be found in the Google Messages app for Samsung Galaxy phones. It’s the same app and package name, but Google Play dynamically rolls out this version of the app to Samsung Galaxy phones. These entries were added several versions ago, so the API itself doesn’t seem to be new. We aren’t sure why the entries only show up in the version of the app for Samsung phones, but it’s possible Google made the API so Samsung’s Messaging app can use Google’s Chat service without users needing to switch apps. However, we don’t see why this API can’t be opened up to other apps, and we also don’t see any evidence yet within the Samsung Messages app itself that it’s using this API. Hopefully, Google opens up the API to all third-party messaging apps by including it in the main version of the app.


Update 2: API restricted to Samsung apps

Digging deeper into the Google Messages app (h/t 9to5Google), we found evidence that this Android Messages API is currently restricted for use by select Samsung apps. Specifically, it seems this feature is aimed at letting Samsung wearables and connected tablets send SMS, MMS, and RCS messages through Google Messages. This is part of Samsung’s Call & Message Continuity feature.

The current allowlist includes the package for Call & Message Continuity, ie. “com.samsung.android.mdecservice”, among other apps. The code checks the package name and signature of the requesting app before granting access to the API. A flag allows any app to access the API, but this value is clearly intended not to be used publicly. (The flag is aptly named “allow_any_app_to_connect_do_not_use_in_public_builds”.)

Thanks to PNF Software for providing us a license to use JEB Decompiler, a professional-grade reverse engineering tool for Android applications.

About author

Mishaal Rahman
Mishaal Rahman

I am the Editor-in-chief of XDA. In addition to breaking news on the Android OS and mobile devices, I manage all editorial and reviews content on the Portal. Tips/media inquiries: [email protected]