Apple rolls out default end-to-end encrypted RCS messaging in iOS 26.5

TL;DR — Apple released iOS 26.5 on Monday with end-to-end encryption for RCS messaging enabled by default, available to iPhone users on supported carriers and Android users running the latest Google Messages. The feature, currently in beta, is the result of a cross-industry effort coordinated by the GSMA RCS Working Group to secure messaging between iPhone and Android devices. A lock icon signals when a conversation is encrypted.

What happened

Apple officially released iOS 26.5 with support for end-to-end encryption (E2EE) applied to Rich Communication Services (RCS) messaging in beta status. The rollout includes iPhone users running iOS 26.5 with carrier support and Android users on the latest version of Google Messages. End-to-end encryption is enabled by default for both new and existing conversations on both platforms.

RCS is a modern internet-based messaging protocol that replaces the aging SMS standard. It enables users to exchange high-resolution photos and videos, see typing indicators, and receive read receipts—features common in dedicated messaging applications. The technical foundation for RCS is the RCS Universal Profile, an industry specification maintained by the GSMA.

Apple initiated testing of E2EE for RCS in iOS and iPadOS 26.4 Beta, though that earlier implementation restricted encryption to conversations between Apple devices only. The current iOS 26.5 release extends E2EE across the platform boundary between iPhone and Android, marking a shift in scope.

The feature is not unique to Apple. Google Messages for Android will also display a padlock icon to indicate when a cross-platform conversation is end-to-end encrypted. According to Alex Sinclair, chief technology officer at GSMA, this rollout represents "close, cross-industry collaboration between the GSMA RCS Working Group, including Apple, Google, and the wider mobile ecosystem."

The broader context: in early 2025, the GSMA announced support for E2EE to safeguard messages sent via RCS. The current release fulfills that commitment by bringing encrypted RCS to production, framed as part of a "cross-industry effort" to replace SMS with a more secure alternative.

Why it matters

For developers and system administrators in the MENA region, this deployment represents a significant shift in the default security posture of messaging between the two dominant mobile platforms. Until now, RCS messages—when supported—lacked encryption in transit by default.

The implications are concrete:

End-user confidentiality: Messages sent via RCS between iPhone and Android are no longer readable in plaintext during transit when both devices support E2EE. This closes a gap that SMS never addressed.
Carrier infrastructure: Organizations that rely on carrier-based messaging for alerts, authentication codes, or notifications must understand that RCS now encrypts these flows by default. Legacy SMS fallback behavior and carrier integration patterns may require review.
Enterprise deployment: Administrators managing corporate messaging policies should assess whether E2EE RCS aligns with compliance requirements (data retention, audit trails, key management) or creates new constraints.
Interoperability: The feature works across iPhone and Android only when both endpoints support it. Partial rollout (by carrier on iOS, by app version on Android) means mixed environments will persist during transition.

Affected systems and CVEs

Products:

iOS 26.5
Google Messages (latest version)
RCS Universal Profile

CVEs: No CVE assigned at the time of publication.

(This is a feature deployment, not a vulnerability disclosure.)

What to do

iOS users: Update to iOS 26.5 where available. Verify with your carrier whether E2EE RCS is supported in your region.
Android users: Ensure Google Messages is installed and updated to the latest version.
Administrators: Audit messaging workflows to confirm whether RCS E2EE aligns with your organization's compliance, logging, and audit requirements. Test cross-platform messaging between iPhone and Android to verify lock icon appearance and encryption status.
Security teams: Review incident response procedures to account for the fact that newer RCS conversations may not be readable through carrier-level inspection (if that was part of your monitoring posture).

Open questions

Which specific carriers support E2EE RCS on iPhone at launch. The source refers to "supported carriers" without naming them.
Timeline for moving E2EE RCS from beta to general availability.
Definition of "latest version" of Google Messages required to participate in E2EE RCS conversations.
Whether carriers that do not yet support E2EE RCS will receive the feature, and on what timeline.
Whether users can disable E2EE RCS or whether it is mandatory when both endpoints support it.