Apple's iOS 26.5 beta, seeded to developers and public beta testers earlier this month, enables end-to-end encryption for one-on-one RCS conversations between iPhones and Android devices. The encryption appears on by default. No settings change required. But the protection only applies when the Android side is running a messaging client that supports the GSMA's cross-platform encryption standard, and the Messages app will show whether any given conversation qualifies.
That condition matters more than the headline. An RCS chat and an encrypted RCS chat look identical until you know where to check.
Why this is new ground
Apple brought RCS support to iPhones with iOS 18, roughly 18 months ago, replacing the aging SMS/MMS standard for cross-platform messaging. The upgrade delivered typing indicators, higher-quality media sharing, and read receipts to iPhone-Android conversations. What it didn't deliver was encryption. iPhone-to-Android messages under that initial rollout remained readable to carriers and anyone intercepting traffic in transit.
That was the gap security researchers had been flagging. The Electronic Frontier Foundation characterizes unencrypted RCS as a false upgrade, a modern protocol interface sitting on top of the same fundamental exposure as SMS. The interface changed; the underlying risk didn't.
The missing piece was a finalized interoperability standard. The GSMA, the industry body that governs the RCS protocol, published a specification enabling iPhones and Android devices to exchange encryption keys directly, without Apple or Google sitting in the middle controlling the infrastructure. That standard is the technical prerequisite for cross-platform end-to-end encryption. It wasn't finalized when iOS 18 launched, which is why encryption is arriving now as a follow-on rather than a day-one feature.
Google Messages had already implemented end-to-end encryption for Android-to-Android RCS conversations. But that implementation operated within Google's own infrastructure and didn't extend to iPhones. The GSMA's cross-platform specification is what makes key exchange between the two ecosystems possible without either company acting as the intermediary. iOS 26.5 is Apple's implementation of that spec.
How to confirm a chat is encrypted
When iOS 26.5 reaches general release, the Messages app will indicate whether end-to-end encryption is active in a given conversation. Apple and early reports suggest the indicator will appear in the conversation view itself rather than requiring users to navigate into settings, though the exact placement of the icon or label should be confirmed once the final build ships.
The indicator is doing real work. A conversation can use RCS without being encrypted. The protocol and the protection are related but not the same thing. An RCS chat that loads normally, shows typing indicators, and delivers read receipts may still be traveling unprotected if the contact's Android messaging app hasn't adopted the GSMA's cross-platform encryption standard.
If the indicator is absent after updating to iOS 26.5, the most likely explanation is that the Android contact's app doesn't support the required spec. Those clients will fall back to unencrypted RCS or standard SMS, per the GSMA standard. The conversation continues, but without the protection. The practical guidance is simple: check for the indicator before sending anything sensitive. If it's not there, treat the conversation as unprotected regardless of what protocol it's running on.
What the encryption covers and where it stops
For one-on-one conversations between an iPhone on iOS 26.5 and an Android device running a compatible client, end-to-end encryption covers message content, photos, videos, and file attachments in transit. The content is readable only by the sender and recipient, not by Apple and not by the carrier.
Group chats are a current reported limitation. A conversation that includes even one Android contact doesn't receive this protection under the current update. Apple has not announced a timeline for extending encrypted RCS to group conversations. Until that changes, any cross-platform group thread should be treated as unencrypted.
Metadata is out of scope entirely. Who messaged whom, when, and how often remains visible to carriers and platform operators. The Electronic Frontier Foundation has noted this as a structural limit of both RCS and iMessage, not something any content-layer encryption update changes. If metadata exposure is a concern, a dedicated secure messaging app with its own metadata protections is a different category of solution.
The practical picture: one-on-one conversations with Android contacts running updated, standards-compliant clients get genuine protection. Group chats, contacts on older Android versions, and anyone using a messaging app that hasn't adopted the current RCS encryption spec do not. That covers a significant portion of real-world cross-platform conversations. The ecosystem will need time to catch up.
Why the timing carries extra weight
The risks of leaving this gap open moved from theoretical to documented. State-sponsored hackers linked to the Salt Typhoon campaign breached U.S. carrier networks and intercepted communications in transit, CISA reported. That attack exploited exactly the kind of exposure that unencrypted carrier-routed messaging leaves open. The breach didn't cause Apple to build this feature, but it illustrated the stakes of in-transit interception at scale.
iMessage has carried end-to-end encryption since 2011. iPhone-to-iPhone conversations have had that baseline for well over a decade. Cross-platform RCS encryption, now arriving in iOS 26.5 beta, brings comparable content protection to a category of conversation that has never had it. The privacy gap between blue-bubble and green-bubble threads is narrower than it has ever been, though the two systems remain architecturally separate and the protection is not yet universal across all cross-platform chats.
What changes now, what doesn't
For one-on-one conversations between a fully updated iPhone and a compatible Android client, this is a substantive shift. Messages that would have been readable to anyone with carrier access are now encrypted end-to-end with nothing for users to configure.
The limits are real and worth keeping in mind. Group chats are unprotected. Android users on older app versions or non-compliant clients don't qualify. Metadata exposure continues across all RCS conversations. And none of this applies until iOS 26.5 reaches general release, which hasn't happened yet.
The encryption indicator in Messages is the signal to watch. Present means the conversation is protected. Absent means it isn't, whatever the protocol label says.
Comments
Be the first, drop a comment!