Apple Adds RCS End-to-End Encryption in iOS 26.5

Apple has officially confirmed that iOS 26.5 will introduce end-to-end encryption (E2EE) for RCS messages sent through the Messages app, marking a watershed moment for cross-platform messaging security between iPhone and Android devices. The update addresses the most significant criticism leveled at Apple's RCS adoption since its initial rollout, finally bringing the same level of privacy protection that iMessage users have enjoyed for over a decade to conversations with Android users.

Key Takeaways at a Glance

• iOS 26.5 adds end-to-end encryption to all RCS conversations in Apple Messages
• The implementation follows the GSMA's Universal Profile 3.0 specification for RCS E2EE
• Cross-platform encrypted messaging between iPhone and Android becomes possible for the first time natively
• Google Messages already supports the updated RCS encryption standard on the Android side
• Green bubble conversations will now carry the same encryption guarantees as blue bubble iMessage chats
• The update is expected to roll out in late 2025 as part of Apple's regular software release cycle

Why RCS Encryption Matters Now More Than Ever

When Apple first adopted RCS (Rich Communication Services) in iOS 18, it was a landmark concession from a company that had long resisted the standard. RCS replaced the aging SMS/MMS protocols with modern features like read receipts, typing indicators, high-resolution media sharing, and group chat improvements.

However, the initial implementation had a glaring omission. Messages sent via RCS between iPhones and Android devices lacked end-to-end encryption, meaning carriers and potentially other intermediaries could theoretically access message content.

This gap was particularly notable given that iMessage has offered E2EE since 2011. Privacy advocates and security researchers criticized Apple for adopting RCS without encryption, arguing it created a false sense of security for users who assumed their conversations were protected.

The criticism intensified after the FBI and CISA (Cybersecurity and Infrastructure Security Agency) issued a joint advisory in late 2024 urging Americans to use encrypted messaging platforms. The advisory came in response to the Salt Typhoon cyberattack, which compromised major U.S. telecommunications networks and exposed unencrypted text messages.

GSMA Universal Profile 3.0 Powers the Upgrade

The technical foundation for Apple's RCS encryption comes from the GSMA, the global industry organization that oversees the RCS standard. In March 2025, the GSMA published its Universal Profile 3.0 specification, which formally added end-to-end encryption based on the Messaging Layer Security (MLS) protocol.

MLS is an IETF standard designed specifically for group messaging encryption. Unlike the Signal Protocol used by apps like Signal and WhatsApp, MLS is purpose-built to handle the complexities of large group conversations efficiently.

Apple's adoption of MLS-based RCS encryption aligns with its broader security strategy. The company has already implemented MLS in iMessage through its PQ3 post-quantum cryptography upgrade, which rolled out in iOS 17.4. This means Apple's engineering teams have deep familiarity with the protocol.

Key technical details of the implementation include:

• MLS-based key exchange ensures only sender and recipient devices can decrypt messages
• Perfect forward secrecy protects past messages even if encryption keys are later compromised
• Cross-platform interoperability means encryption works seamlessly between iOS and Android
• Group chat encryption extends E2EE to multi-party RCS conversations
• Media encryption covers photos, videos, and files shared through RCS

Google and Apple Finally Align on Messaging Security

Google has been one of the most vocal proponents of RCS adoption, spending years publicly pressuring Apple to support the standard through its 'Get The Message' campaign. Google Messages has supported RCS E2EE for Android-to-Android conversations since 2021, using a proprietary encryption layer.

With the GSMA's standardized E2EE specification, both companies now operate on the same encryption framework. Google updated its Messages app to support the Universal Profile 3.0 E2EE standard earlier in 2025, ensuring compatibility with Apple's implementation.

This alignment represents a rare moment of cooperation between the two tech giants on a consumer-facing feature. For years, the 'green bubble vs. blue bubble' divide was not just cosmetic — it reflected a genuine security disparity. Blue bubble iMessage conversations were encrypted, while green bubble SMS and early RCS conversations were not.

With iOS 26.5, that security gap effectively closes. While the visual distinction between green and blue bubbles will likely remain, users can be confident that both conversation types now offer comparable encryption protections.

What This Means for 2 Billion+ Smartphone Users

The practical implications of this update are enormous. There are approximately 1.4 billion active iPhone users and over 3 billion Android users worldwide. Every cross-platform text conversation between these devices stands to benefit from RCS E2EE.

For everyday users, the change is largely invisible — and that is by design. Encryption happens automatically in the background without requiring users to toggle settings, download additional apps, or exchange encryption keys manually. This 'encryption by default' approach is critical for mass adoption.

The update has significant implications for several user groups:

• Business users can now communicate sensitive information across platforms without resorting to third-party encrypted apps
• Healthcare professionals gain a more secure native messaging option that could support HIPAA-adjacent communication needs
• Journalists and activists benefit from encrypted cross-platform messaging without needing to coordinate on a specific third-party app
• General consumers receive meaningful privacy protection without any behavior change
• Enterprise IT departments can develop more flexible BYOD (Bring Your Own Device) policies knowing native messaging is encrypted

Compared to the previous RCS implementation without encryption, this is a transformative upgrade. Previously, users who wanted encrypted cross-platform messaging had to rely on third-party apps like Signal, WhatsApp, or Telegram (which only offers E2EE in its 'Secret Chats' mode). Now, the default messaging app on both major mobile platforms provides this protection natively.

How This Fits Into the Broader Privacy Landscape

Apple's RCS encryption rollout arrives during a period of heightened global focus on digital privacy and security. The European Union's Digital Markets Act has already forced Apple to open up its ecosystem in numerous ways, and regulators worldwide are increasingly scrutinizing how tech companies handle user communications.

The move also comes as AI-powered communication tools become more prevalent. With features like Apple Intelligence integrating deeply into the Messages app — offering AI-generated summaries, smart replies, and contextual suggestions — ensuring that the underlying message transport layer is encrypted becomes even more critical.

There is a nuanced tension between AI features that need to process message content on-device and encryption that protects messages in transit. Apple has positioned its on-device processing approach as the solution, where AI features analyze messages locally on the user's device rather than sending content to external servers.

This architecture allows Apple to offer both cutting-edge AI functionality and robust encryption simultaneously — a combination that competitors have struggled to balance. Google's approach with Gemini integration in Google Messages follows a similar on-device processing philosophy for sensitive communications.

Looking Ahead: The Future of Encrypted Messaging

The addition of E2EE to RCS in iOS 26.5 is not the end of the road — it is a foundation for future developments. Several trends are likely to shape the next phase of messaging security.

Post-quantum cryptography will eventually need to be applied to RCS E2EE, just as Apple has already done with iMessage's PQ3 protocol. Quantum computers, while still years away from practical deployment, pose a theoretical threat to current encryption methods. Both Apple and Google will need to work with the GSMA to integrate quantum-resistant algorithms into future RCS specifications.

Regulatory requirements may also accelerate. The EU, UK, and Australia have all debated legislation around encrypted messaging, sometimes pushing for 'backdoor' access for law enforcement. The widespread adoption of RCS E2EE could reignite these debates, particularly as the technology becomes the default for billions of users rather than an opt-in choice.

Interoperability mandates under the EU's Digital Markets Act could further expand encrypted messaging across platforms. The DMA already requires designated 'gatekeeper' platforms to support interoperability with third-party messaging services — and encryption is a key component of how that interoperability must function.

For now, users should ensure their devices are updated to iOS 26.5 when it becomes available and verify that their carrier supports the latest RCS Universal Profile. Most major carriers in the United States — including AT&T, Verizon, and T-Mobile — already support RCS, and the encryption upgrade will apply automatically once both the sender and recipient are running compatible software.

Apple's confirmation of RCS E2EE in iOS 26.5 closes one of the last major gaps in consumer messaging security. For the first time, the billions of text messages sent daily between iPhones and Android devices will be protected by the same caliber of encryption that was once exclusive to proprietary platforms. It is a win for users, a win for privacy advocates, and a signal that the industry can collaborate on security when the stakes are high enough.