iPhone-to-Android texts are finally encrypted. Here's what that actually means.

iOS 26.5 shipped today, and tucked into the release notes is the biggest cross-platform messaging update in almost two decades: end-to-end encrypted RCS between iPhone and Android!

It's quite simple: every text between a green bubble and a blue bubble has either been plain SMS or unencrypted RCS—meaning the contents of everything you send are fully visible to carriers, network operators, and anyone with access to the infrastructure in between. But as of today, if you're on an iPhone running 26.5 and your friend is on Google Messages, your conversation's contents are protected end-to-end.

That's worth celebrating. Loudly. This is the kind of quiet default improvement that helps millions of people who'll never install Signal, never read a privacy guide, never think about their threat model. It's the closest thing texting has had to HTTPS becoming default on the web.

But, it's not all sunshines and rainbows...here are a couple things the headlines are missing:

• What this encryption actually protects: This matters a lot. The contents of your messages are sealed. The metadata isn't: who you texted, when, how often, group membership, attachment sizes. That's still flowing through corporate infrastructure, the same way it always has. This makes RCS + E2EE not a full replacement to dedicated security messengers that prioritize user safety.
• Who gets to participate matters even more. On iOS, only Apple Messages can use this, which is expected. On Android, there seems to be no indication of third-party SMS apps and the open-source alternatives on F-Droid getting access to things, as Google is maintaining control. The protocol underneath (MLS via GSMA) is technically open. But the client apps that implement it are a two-vendor club: Apple Messages and Google Messages. That's the list right now.

So the right way to think about today: this is a floor, not a ceiling. It raises the baseline for billions of conversations that had no protection at all. But it doesn't replace Signal for the conversations where metadata and client diversity matter most.

As for me: I'm not a frequent user of SMS or RCS. I use Signal, and when I need to use these tools I rely on VOIP services under an 'I expect this to be public' basis. I don't foresee myself using E2EE via RCS any time soon until it opens up to other clients. But I know for a fact that most regular users will accidentally stumble on RCS with E2EE when they chat with a new friend who happens to be on the opposite mobile OS—and I'm very excited for these situations!

I've got the full breakdown, what's worth celebrating, what's worth watching, and what I'm personally doing about this over on YouTube:

Written by

Share

Copied