9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Earlier this year, Apple announced that it was leading the charge on a cross-industry effort to bring end-to-end encryption (E2EE) to the RCS Universal Profile, which is published by the GSMA. Apple told 9to5Mac in March it would come to the iPhone in a future software update. Google soon after jumped in, stating it too was ‘committed to providing a secure messaging experience.’
I didn’t think it was completely unreasonable to assume we’d see this showcased at WWDC 2025…that didn’t happen. Then I thought maybe in one of the iOS 26 betas? Also nothing. So, what happened to cross-platform E2EE for RCS messaging? Is it still coming?
With this capability incorporated into the standard, all Rich Communication Standard (RCS) messaging between iPhone and Android users would be completely unreadable to backend intermediaries—its contents encrypted, scrambled into gibberish, and only unlockable with the decryption key stored on the user devices. Huge for user privacy.
Since the release of iOS 18 beta 2 in June, Apple has added RCS support, allowing iPhone users to finally send rich messages with audio and larger media files to Android users who aren’t using iMessage. It was a welcoming move for people with parents who refuse to get an iPhone. Unlike the industry standard SMS, RCS offers familiar features such as read receipts and the classic typing indication animation, but it also adds the ability to vastly improve privacy and security.
The keyword is “ability.”
There’s a common misconception that RCS comes with end-to-end encryption (E2EE) baked in, but that’s not the case. Google’s Messages app, one of the most widely used RCS clients, offers E2EE between Android devices as an extra layer of security for those using the service. This is similar to how iMessage provides E2EE exclusively between Apple devices.
When an iPhone communicates with a non-Apple device via RCS, messages are only encrypted in transit using transport-layer encryption (like TLS). While this protects against basic interception during transmission, it doesn’t guarantee messages cannot still be accessible server-side, unlike E2EE, where only the sender and recipient can read the content.
... continue reading