End-to-end encrypted (E2EE) Rich Communication Services (RCS) messaging is being rolled out in beta between iPhone and Android handsets, closing one of the longest-running interoperability gaps in mainstream mobile messaging.
Apple announced the beta rollout on May 11, with Google confirming the matching Android-side rollout.
The feature is available to iPhone users on iOS 26.5 with supported carriers and to Android users on the latest version of Google Messages. Availability is dependent on carrier activation.
Encrypted conversations are marked with a lock icon in the chat interface, an indicator Google Messages has used for some time and that now extends across platforms.
Encryption is enabled by default, and Apple has said it will be applied over time to both new and existing RCS threads.
A Cross-Platform First Built on MLS
The rollout implements the GSM Association’s (GMSA) RCS Universal Profile 3.0 specification, published in March 2025, which defined how to apply the IETF’s Messaging Layer Security (MLS) protocol within the RCS standard.
Until now, encryption protections in RCS had been limited to messages exchanged within a single client. Google Messages users had E2EE conversations with one another using the Signal protocol, but that protection did not extend to RCS threads with iPhone users.
iMessage, which Apple has noted remains E2EE by default between Apple devices, sat on a separate stack entirely.
In a statement, Alex Sinclair, Chief Technology Officer, GSMA, said, “We now encourage our members to leverage these new capabilities and enable more secure RCS messaging for personal and business users worldwide.”
Read more on Apple’s RCS encryption work: Apple Expands RCS Encryption and Memory Protections in iOS 26.4
Implications for Defenders and Smishing Operators
For information security teams, the change shifts the threat surface around mobile messaging in two directions at once.
Communications between an iPhone and an Android handset, previously transmitted with only transport-layer protections, will now be opaque to carriers and to any party intercepting traffic in transit.
The flip side is that carrier-level content inspection becomes harder. Analysts have noted that smishing is increasingly moving toward modern messaging channels such as RCS and iMessage, and E2EE is one factor that makes operator-level content filtering more difficult.
“Encrypted RCS is a real privacy win, and the cross-industry work with Google and the GSMA is the harder achievement worth acknowledging,” said Adam Boynton, senior enterprise strategy manager at Jamf, commenting on the news.
“[However,] impersonation is the fastest-growing threat on mobile. AI-cloned voices and deepfake messages can still bypass technical checks, so we’ve only secured the transit of messages, not the person on either end,” Boynton added.
The wider rollout to iPadOS, macOS and watchOS will follow in future software updates, Apple confirmed.
