Turtacular 'm glad the method I mentioned is working for those of us trying it, though I feel the need to mention (since it bothers me from a security standpoint) that we are using an out of date version of the app. Right now, that feels to me like choosing a lesser evil. I compare this method with the alternative of being unable to access existing group chats for work/personal use (they don't fall back to MMS) and to sending clear text absent e2ee or even encryption in transport.
Yeah, it would be nice to have an explanation of the risks of using an out of date verison of the app. The Graphene devs and moderators have said, using an out of date app is not recommended. But there has been no explanation of the risk beyond that. It doesn't seem obvious to me that the alternatives are better.
It seems like we have the choice of:
1) Not enabling RCS and being stuck with unencrypted plain text SMS. Putting aside for the moment that disabling RCS breaks group chats that already exist and that is more or less completely unworkable for many people, plaint text SMS is not exactly great for security. It has known vulnerabilties and government agencies have even warned that text messages on the back end server side are probably being monitored by state agencies from places like China. Keep in mind that for many people one time security codes for all kinds of services are delivered via SMS. So this is insecure in the extreme.
2) We can use an old version of Messages to keep RCS working. I already have some services that use RCS for security tokens when available. Isn't this better, even on an old version of Messages, than tokens and other messages via SMS?
3) While Graphene is working on its preferred solution to get RCS working (which seems to be taking some time), it could provide toggles that allow people to enable the privileged system permissions necessary for up to date Messages to work with RCS. The devs have described this as not the Graphene way. But is it really worse than using an old version of Messages or being stuck with SMS only? After all, on stock Android, Messages functions as a system component with privileged permissions. Stock Android is a reasonably secure OS. This does not seem like an obviously bad temporary solution.
4) People can continue to do the work around to get RCS connected and then upgrade to the Play Store version and put up with redoing this every 36 hours. But that seems like an obviously unreasonable solution, given people have already been dealing with this for almost three months. Most people will choose one of the other less secure solutions or just go back to stock Android (therefore ending up with a version of Messages that has privileged system permission anyway).
I get that Graphene wants to stick to their way of doing things. But it seems like the de facto end result is that people are stuck with choices that are less secure than providing toggles for the privileged permssions Messages needs (until a better solution can be developed). I don't know if it's really serving the security of Graphene end users to leave things in the messy limbo that they are currently in.