9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Earlier this year, Apple announced that it was leading the charge on a cross-industry effort to bring end-to-end encryption (E2EE) to the RCS Universal Profile, which is published by the GSMA. Apple told 9to5Mac in March it would come to the iPhone in a future software update. Google soon after jumped in, stating it too was ‘committed to providing a secure messaging experience.’
I didn’t think it was completely unreasonable to assume we’d see this showcased at WWDC 2025…that didn’t happen. Then I thought maybe in one of the iOS 26 betas? Also nothing. So, what happened to cross-platform E2EE for RCS messaging? Is it still coming?
With this capability incorporated into the standard, all Rich Communication Standard (RCS) messaging between iPhone and Android users would be completely unreadable to backend intermediaries—its contents encrypted, scrambled into gibberish, and only unlockable with the decryption key stored on the user devices. Huge for user privacy.
Since the release of iOS 18 beta 2 in June, Apple has added RCS support, allowing iPhone users to finally send rich messages with audio and larger media files to Android users who aren’t using iMessage. It was a welcoming move for people with parents who refuse to get an iPhone. Unlike the industry standard SMS, RCS offers familiar features such as read receipts and the classic typing indication animation, but it also adds the ability to vastly improve privacy and security.
The keyword is “ability.”
There’s a common misconception that RCS comes with end-to-end encryption (E2EE) baked in, but that’s not the case. Google’s Messages app, one of the most widely used RCS clients, offers E2EE between Android devices as an extra layer of security for those using the service. This is similar to how iMessage provides E2EE exclusively between Apple devices.
When an iPhone communicates with a non-Apple device via RCS, messages are only encrypted in transit using transport-layer encryption (like TLS). While this protects against basic interception during transmission, it doesn’t guarantee messages cannot still be accessible server-side, unlike E2EE, where only the sender and recipient can read the content.
It’s still a major improvement over SMS, which sends messages in unencrypted plaintext, making them far more vulnerable to interception. However, without full E2EE, RCS in its current state remains a step below platforms like iMessage or Signal.
In a statement to 9to5Mac in March, Apple said:
End-to-end encryption is a powerful privacy and security technology that iMessage has supported since the beginning, and now we are pleased to have helped lead a cross industry effort to bring end-to-end encryption to the RCS Universal Profile published by the GSMA. We will add support for end-to-end encrypted RCS messages to iOS, iPadOS, macOS, and watchOS in future software updates.
At this point, it feels like one of those industry shifts that just takes time to play out. Standards have to be finalized, and then Apple, Google, carriers, and everyone else in the chain needs to actually implement them. That kind of cross-company collaboration doesn’t happen overnight or, in this case, over a year. If anything, we can continue sleeping well at night, given that both Apple and Google are publicly on board.
Thank you for reading Security Bite is a weekly security-focused column on 9to5Mac. Each week, Arin Waichulis delivers insights on data privacy, uncovers vulnerabilities, and sheds light on emerging threats within Apple’s vast ecosystem of over 2 billion active devices.
F ollow Arin: Twitter/X, LinkedIn, Threads