Breaking: Apple and Android RCS Chats Now Fully Encrypted — Here's What It Means for You
Urgent update: Apple’s iOS 26.5 release now enables end-to-end encryption (E2EE) for Rich Communication Services (RCS) between iPhones and Android devices. This means conversations in Apple Messages and Google Messages are protected by default where carriers support the new standard.
“This is a major step forward for mass-market privacy,” said Dr. Sarah Chen, a cybersecurity researcher at Stanford University. “Previously, SMS/RCS texts were plaintext readable by carriers and potentially others. Now, billions of users gain default encryption.”
The feature requires both parties to use the latest software: iOS 26.5 on Apple devices and the most recent version of Google Messages on Android. Additionally, cellular carriers must support RCS and encrypted message relay. A list of supported carriers is available here.
RCS—originally a replacement for SMS—already improved media sharing between platforms after Apple adopted it in 2024. Now, those conversations are secured with the GSMA RCS Universal Profile 3.0, which implements the Messaging Layer Security (MLS) protocol.
Background
End-to-end encrypted RCS has been a long-time demand from privacy advocates. In October 2024, both Google and Apple publicly committed to delivering it via the GSMA standard. This update fulfills that promise.
Previously, RCS messages between Android and iPhone lacked encryption, leaving them vulnerable to interception by carriers or malicious actors. Apple’s iMessage already had E2EE for Apple-to-Apple chats; Android lacked default encryption for cross-platform RCS.
The GSMA’s RCS Universal Profile 3.0 specification introduced MLS, an open standard designed to handle group chats and metadata efficiently. “MLS is the right choice for multi-platform encryption,” noted Matthew Green, cryptographer at Johns Hopkins University. “It provides strong security without breaking the messaging experience.”
What This Means
For the average user, this means private conversations between iPhone and Android are now encrypted end-to-end. Neither Apple, Google, nor cellular carriers can read message content. However, metadata such as who you talk to and when may still be accessible.
Backups remain a risk. If you back up chats to iCloud or Google Drive, messages may be stored unencrypted unless you enable Advanced Data Protection (ADP) on iOS. Google Messages encrypts text in backups but not media. “We strongly advise users to enable ADP or use dedicated encrypted backup tools,” said Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation.
The feature is marked as “beta” on Apple devices due to carrier-dependent rollout. Not all conversations will be encrypted immediately. To check, look for a lock icon and the word “Encrypted” at the top of the chat window. Until then, consider using apps like Signal for sensitive discussions.
Bottom line: This is a significant privacy upgrade for hundreds of millions of default-messaging users. But it’s not a total solution. Metadata collection, backup practices, and the beta status mean caution is warranted.
- Check carrier support: View list here.
- Enable Advanced Data Protection on iOS: Instructions.
- For maximum privacy, use Signal or another app with E2EE by default.
We applaud Apple and Google for following through. More companies should adopt these difficult but necessary measures to protect our digital lives.