Finally: End-to-End Encryption for Cross-Platform RCS Chats Between iPhone and Android

In a long-awaited move, Apple's iOS 26.5 update introduces end-to-end encryption for Rich Communication Services (RCS), securing conversations between iPhone and Android devices by default. This milestone fulfills promises from both Apple and Google, marking a significant leap in cross-platform messaging privacy. Below, we answer key questions about this development.

What New Feature Did Apple Add in iOS 26.5?

Apple released iOS 26.5 with support for end-to-end encryption on Rich Communication Services (RCS). This means that when you use the default Messages app on iPhone to chat with someone on Android using Google Messages, your conversation is now encrypted by default—provided your mobile carrier supports both RCS and encrypted messaging. The update effectively replaces old SMS with RCS, which already improved media quality in 2024. Now, those chats gain a vital layer of privacy, preventing Apple, Google, or your carrier from reading message contents.

Finally: End-to-End Encryption for Cross-Platform RCS Chats Between iPhone and Android — Source: www.eff.org

How Does Encryption Work Between Apple Messages and Google Messages?

Encryption kicks in automatically for RCS conversations once the sender and receiver both have the necessary software and carrier support. On Apple's side, the feature is currently marked as beta, meaning it's still rolling out. For Android users, the latest version of Google Messages is required. When all conditions are met, you'll see a lock icon and the word “Encrypted” at the top of the chat. The encryption is implemented using the GSMA RCS Universal Profile 3.0, which incorporates the Messaging Layer Security (MLS) protocol—a robust standard designed for group and one-to-one messaging.

Which Protocols and Standards Make This Encryption Possible?

Both Apple and Google adopted the GSMA RCS Universal Profile 3.0, which mandates the use of the Messaging Layer Security (MLS) protocol for end-to-end encryption. MLS is a modern cryptographic protocol that provides efficient, secure messaging, handling key management and ensuring that only participants in the conversation can read messages. This standard is a key reason the feature works seamlessly across iOS and Android, despite the platforms' differences. Previously, RCS lacked this encryption, leaving chats vulnerable to interception.

When Will Users See the Encrypted Status on Their Chats?

The encrypted status appears immediately once both ends of the conversation meet the requirements: the right app versions (iOS 26.5 for iPhone, latest Google Messages for Android) and carrier support for encrypted RCS. If any participant lacks these, the chat remains unencrypted—so it's important to check. Apple displays a lock icon and the word “Encrypted” at the top of the conversation window, as seen in official screenshots. Rollout depends on carriers, so some users may not see the status right away. Until then, conversations are not protected.

What Limitations or Caveats Should Users Be Aware Of?

While message content is now encrypted, metadata—such as who you're talking to, when, and for how long—may still be collected and stored by carriers or Apple/Google. For ultrasensitive conversations, alternative apps like Signal offer metadata protection and are still a better choice. Additionally, cloud backups pose a risk: if you back up iMessage to iCloud without Advanced Data Protection (ADP) enabled, those backups may not be encrypted. Google Messages encrypts text in backups but not media. Thus, for full security, users should enable ADP on iOS or consider other backup strategies.

How Does This Compare to Messaging Alternatives Like Signal?

Signal remains the gold standard for private messaging due to its end-to-end encryption by default, open-source protocol, and minimal metadata collection. The new RCS encryption is a major improvement for default chat apps, but it doesn't hide metadata, and its security is only as strong as the carriers' implementation. For everyday chats with friends and family, RCS encryption is a welcome upgrade. However, for journalists, activists, or anyone requiring maximum privacy, Signal or similar apps are still recommended. The new feature closes the gap for casual users who don't want to switch apps.

Why Is This Considered a Victory for Privacy?

This update brings end-to-end encryption to billions of cross-platform messages that previously relied on unencrypted SMS or poorly secured RCS. It fulfills a long-standing request from privacy advocates and demonstrates that competitors (Apple and Google) can collaborate on critical security standards. By adopting the GSMA Universal Profile 3.0 and MLS protocol, they set a baseline for secure messaging that other companies can follow. While not perfect—metadata and backup issues remain—it's a huge step forward. We applaud both companies for prioritizing user privacy and hope this encourages broader adoption of encryption everywhere.

Tags: