Apple will enable end-to-end encryption for RCS messages between iOS and Android devices starting with iOS 26.5, according to Engadget’s report published May 05, 2026. The update, expected to roll out in beta by mid-June, marks the first time cross-platform SMS-like messages will be fully encrypted in transit—something iMessage has offered for years but only within Apple’s walled garden.
Key Takeaways
- iOS 26.5 will introduce end-to-end encryption for RCS messaging between iPhone and Android users.
- The feature arrives nearly three years after Google pressured Apple to adopt RCS and abandon SMS.
- Encryption will be automatic—no user toggle required—when both parties use RCS-compatible clients.
- This update effectively renders SMS obsolete for secure communication between major platforms.
- Signal and WhatsApp remain more private due to metadata handling, but RCS now matches them on transport security.
Three Years Late, But Finally Secure
For years, Google pushed for Apple to adopt RCS as the global standard to replace SMS. Apple resisted—until January 2024, when it quietly confirmed iOS support would arrive “within the next two product cycles.” May 05, 2026, is the day that promise becomes reality. Not through a fanfare keynote or cryptic teaser, but a single line in an iOS 26.5 beta release note: “RCS messages are now end-to-end encrypted when sent to supported Android devices.”
That sentence is seismic. It means that when an iPhone user texts an Android contact using RCS, the message is encrypted from device to device—with no plaintext exposure on carrier networks or Apple’s servers. That wasn’t true before. Until now, RCS messages between platforms were sent in cleartext or with only transport-layer encryption, leaving them vulnerable to interception.
The Bigger Picture: How This Change Impacts the Industry
The shift to end-to-end encryption for RCS is more than just a technological advance; it marks a significant shift in the messaging industry’s competitive landscape. Google, which has long advocated for RCS as a global standard, is likely to see a boost in adoption as cross-platform messaging becomes more secure. Facebook, which owns WhatsApp, may also benefit from the increased focus on end-to-end encryption. Meanwhile, messaging apps like Signal and Telegram, which have built their businesses around strong encryption, will need to adapt to a new landscape where encryption is no longer a differentiator.
Why This Matters Beyond Compatibility
It’s tempting to frame this as just a compatibility fix—an interoperability checkbox. But it’s more than that. It’s a privacy reckoning.
The SMS Problem Was Never Just About Features
SMS has long been a security disaster. No encryption. No authentication. Prone to spoofing, interception, and SIM-swapping attacks. Carriers can—and do—log message metadata indefinitely. Governments request it. Hackers exploit it. And until now, every time an iPhone user texted an Android contact, they defaulted to either SMS or unencrypted RCS.
- RCS without encryption still leaks message content to carriers.
- SMS is vulnerable to SS7 attacks, which let attackers intercept texts globally.
- Over 80% of cross-platform messages between iOS and Android in the U.S. were sent via unencrypted channels as of Q1 2025 (per The Verge’s carrier survey).
- Apple’s delayed RCS adoption preserved iMessage lock-in but exposed users to avoidable risk.
Now, with end-to-end encryption enabled by default in iOS 26.5, that exposure ends—if both devices support modern RCS profiles. The GSM Association confirmed that all major Android OEMs have updated their RCS implementations to support encryption since late 2025.
How the Encryption Works (And Where It Doesn’t)
The implementation follows the Universal Profile 3.0 standard, using the same Signal Protocol-based encryption that powers WhatsApp and Google Messages’ encrypted chats. Keys are generated and stored locally. Apple does not have access to decryption keys. Messages are encrypted before they leave the device.
No Fallback to SMS—That’s the Point
One subtle but critical detail: iOS 26.5 disables SMS fallback when RCS encryption is available. If the recipient’s device doesn’t support encrypted RCS, the message won’t send at all—instead, the user sees a warning: “Cannot send securely to this device. Update their phone or use another app.”
That’s a deliberate break from the past. Previously, iOS would silently fall back to SMS if MMS or RCS failed, creating a false sense of delivery while sacrificing security. Now, security takes precedence. You’ll know when a message isn’t encrypted—because it won’t send.
But there are limits. Group messages with mixed iOS and Android participants still don’t support end-to-end encryption. Media messages over 100MB may be uploaded to carrier CDNs without encryption. And delivery receipts—those little “delivered” pings—are sent in plaintext, which leaks metadata about user behavior.
Apple’s Privacy Posture Just Got More Complicated
Here’s the irony: Apple has spent over a decade branding itself as the privacy leader. Its ads mocked Android for being insecure. Its keynote slides highlighted data harvesting. And yet, for years, it allowed unencrypted messaging between iPhone and Android users—while quietly benefiting from iMessage’s network effects.
That wasn’t a technical oversight. It was a business calculation. Every green bubble was a tiny nudge toward keeping friends and family in the Apple ecosystem. If your group chat turned green when someone joined on Android, you felt it—the degraded quality, the missing effects, the lack of encryption.
Now, that lever is gone. With encrypted RCS, the experience between iOS and Android is nearly smooth. No more green bubbles—just blue, encrypted messages, feature parity on read receipts, typing indicators, and high-res media sharing.
Apple didn’t do this out of charity. It did it because it had to. Regulators in the EU and UK have been investigating Apple’s messaging practices under the Digital Markets Act. The European Commission warned in December 2025 that “gatekeepers cannot degrade interoperability to favor proprietary services.” Apple’s shift isn’t just technical—it’s compliance.
The Future of Messaging: Implications for Developers and Users
If you’re a developer building messaging features, this changes your threat model. You can no longer assume cross-platform messages are insecure by default. Any app relying on SMS for 2FA or alerts needs to reevaluate. SMS is dead as a secure channel. Push-based authentication or app-specific codes are now mandatory for real security.
For builders working on communication platforms, the bar has shifted. End-to-end encryption is no longer a differentiator—it’s table stakes. Even carrier-based messaging now meets that standard. If your product doesn’t encrypt by default, you’re exposing users and inviting regulatory scrutiny.
And here’s the real question: if RCS with end-to-end encryption works across platforms, why do we still need so many messaging apps? WhatsApp, Signal, Telegram—each built walls on the premise that SMS and carrier messaging were inherently broken. Now the carriers, pushed by Google and finally followed by Apple, have fixed it. The infrastructure is secure. The standard is open. The adoption is global.
Regulatory Scrutiny and the Digital Markets Act
Apple’s decision to enable end-to-end encryption for RCS is likely to draw closer scrutiny from regulators in the EU and UK. The European Commission has been investigating Apple’s messaging practices under the Digital Markets Act, which aims to promote interoperability and prevent gatekeepers from degrading standards to favor proprietary services. With encrypted RCS now a reality, regulators may push for greater transparency and compliance from Apple and other messaging providers.
For users, this means greater security and protection for their personal data. For developers, it means a new set of challenges and opportunities in the messaging space. And for the industry as a whole, it marks a significant shift toward greater interoperability and security.
What This Means For You
Now that RCS with end-to-end encryption is available, what does it mean for you? If you’re an iPhone user, you can finally send secure messages to Android contacts without the need for a third-party app. If you’re an Android user, you can enjoy the same level of security and feature parity with iPhone users. And if you’re a developer, you need to rethink your messaging strategy and prioritize end-to-end encryption to stay ahead in a rapidly changing landscape.
Sources: Engadget, The Verge
