Apple has officially rolled out iOS 26.5, introducing default end-to-end encryption (E2EE) for Rich Communication Services (RCS) messaging — marking a historic shift in cross-platform mobile security. For the first time, iPhone and Android users can exchange messages knowing their conversations are shielded from interception by default.
What Is RCS and Why Does It Matter?
RCS, or Rich Communication Services, is a modern internet-based messaging protocol designed to replace the aging SMS standard. It supports high-resolution photo and video sharing, typing indicators, read receipts, and group messaging features — capabilities that users of iMessage and WhatsApp have long enjoyed. RCS operates under the GSMA’s RCS Universal Profile, an internationally recognised industry specification.
Prior to this update, RCS lacked end-to-end encryption when messages crossed between iPhone and Android devices, leaving cross-platform communications potentially exposed. Traditional SMS has never offered encryption, and even with RCS adoption growing, the absence of E2EE was a glaring security gap.
How E2EE RCS Works in iOS 26.5
With iOS 26.5, Apple has integrated E2EE directly into the RCS messaging layer. This means messages are encrypted on the sender’s device and can only be decrypted by the intended recipient — no carrier, no server, and no third party can read the content in transit.
The feature is enabled by default for both new and existing conversations, requiring no manual configuration from users. A lock icon will appear within RCS chats to visually confirm that end-to-end encryption is active. Apple noted that the E2EE capability is available to iPhone users on iOS 26.5 with supported carriers, and Android users on the latest version of Google Messages.
Google has confirmed that its Google Messages app will display a padlock icon to indicate when a cross-platform conversation is end-to-end encrypted — ensuring users on both sides are informed.
The Industry Collaboration Behind the Feature
This development is the product of years of cross-industry collaboration. In early 2025, the GSM Association (GSMA) officially announced support for E2EE within the RCS protocol specification. Apple began testing the feature in iOS and iPadOS 26.4 Beta, initially limiting encryption to Apple-to-Apple device conversations.
Alex Sinclair, Chief Technology Officer at GSMA, called the rollout a “new milestone for secure cross-platform messaging,” emphasising that the feature is built on an open, globally recognised foundation — not a proprietary solution controlled by any single company.
Security Patches Bundled in iOS 26.5
Beyond the E2EE RCS feature, iOS 26.5 also delivers fixes for over 50 security vulnerabilities affecting iOS and iPadOS. The patched components include AppleJPEG, ImageIO, the Kernel, mDNSResponder, and WebKit. These vulnerabilities ranged in severity and could have been exploited to leak sensitive data, trigger denial-of-service (DoS) conditions, or cause unexpected system termination.
Users are strongly encouraged to update immediately to benefit from both the new encryption capabilities and the critical security patches.
What This Means for You
For everyday users, this update means that texting an Android friend from your iPhone is now genuinely private — a standard that security researchers and privacy advocates have demanded for years. For cybersecurity professionals, this closes a long-standing attack surface in cross-platform mobile communication.
At CyDhaal, we see this as a meaningful step toward a more secure mobile ecosystem. Encryption should be the default, not the exception — and iOS 26.5 finally delivers on that principle for billions of users worldwide.
About the Author
