Wow, RCS seems pretty bad from a privacy standpoint.
The spec is available on the GSMA website [0]. The relevant section is 2.13.1.3 of "Rich Communication Suite 6.0 Advanced Communications Services and Client Specification Version 7.0-final draft" available in the specification ZIP.
TL;DR: Encryption seems to be included but for voice and video only. They have _deliberately_ compromised messaging security to be vulnerable to interception.
"SRTP [RFC3711] may be used to provide per message authentication, integrity protection and encryption for both RTP and RTCP streams involved in real-time video and voice sessions."
[...]
"[3GPP TS 33.328] defines two modes of operation for SDES/SRTP: e2ae (end-to-access edge) mode and e2e (end-to-end) mode."
"[...] the RCS client may try e2e [...]"
And:
<Basic description of the messaging protocol>
"When using MSRPoTLS, and with the following two objectives allow compliance with legal interception procedures, the TLS authentication shall be based on self-signed certificates and the MSRP encrypted connection shall be terminated in an element of the Service Provider network providing service to that UE. Mutual authentication shall be applied as defined in [RFC4572]."
There are a bunch of customers that are countries that have a tight hold on their telecom industry. Which I don't mean to offer as a justification, just as an observation that making allowances for "compliance with legal interception procedures" is not anything new for that industry.
The spec is available on the GSMA website [0]. The relevant section is 2.13.1.3 of "Rich Communication Suite 6.0 Advanced Communications Services and Client Specification Version 7.0-final draft" available in the specification ZIP.
TL;DR: Encryption seems to be included but for voice and video only. They have _deliberately_ compromised messaging security to be vulnerable to interception.
"SRTP [RFC3711] may be used to provide per message authentication, integrity protection and encryption for both RTP and RTCP streams involved in real-time video and voice sessions."
[...]
"[3GPP TS 33.328] defines two modes of operation for SDES/SRTP: e2ae (end-to-access edge) mode and e2e (end-to-end) mode."
"[...] the RCS client may try e2e [...]"
And:
<Basic description of the messaging protocol>
"When using MSRPoTLS, and with the following two objectives allow compliance with legal interception procedures, the TLS authentication shall be based on self-signed certificates and the MSRP encrypted connection shall be terminated in an element of the Service Provider network providing service to that UE. Mutual authentication shall be applied as defined in [RFC4572]."
[0] http://www.gsma.com/network2020/specs-and-product-docs/