From SMS Weak Spot to Encrypted RCS by Default
iOS 26.5 marks a turning point for iPhone–Android texting security by making Rich Communication Services (RCS) chats end-to-end encrypted by default. Until now, cross-platform conversations often fell back to legacy SMS, which lacks modern protections and leaves messages exposed in transit. Apple’s new implementation, developed alongside Google and the GSMA RCS Working Group, upgrades those green-bubble threads to a modern, internet-based protocol that supports encryption, high-resolution media, typing indicators, and read receipts. Crucially, the new end-to-end encrypted messaging layer means RCS messages are scrambled on the sender’s device and only decrypted on the recipient’s device, preventing carriers, platform providers, or intermediaries from reading their contents. Apple notes that users will see a new lock icon and an “Encrypted” label in compatible RCS chats, while Google Messages surfaces a similar padlock indicator to signal when cross-platform conversations are protected.
How iOS 26.5’s RCS Encryption Actually Works in Practice
Under iOS 26.5, encrypted RCS requires two main ingredients: an iPhone running the latest software on a supported carrier and an Android device using the newest Google Messages app. When those conditions are met, RCS traffic between the devices is automatically upgraded to end-to-end encrypted messaging with no extra setup. Apple explains that encrypted RCS messages cannot be read while they’re transmitted between devices, and Google adds that each secure chat includes a unique verification code that must match on both phones to confirm authenticity. Users can visually confirm protection through interface cues: Apple labels these threads as “Text Message · RCS | Encrypted,” and Google overlays a lock icon in the chat window. Unlike earlier iOS 26.4 betas that briefly exposed E2EE only in limited configurations, iOS 26.5 reintroduces encryption as a default behavior for both new and existing RCS conversations, significantly reducing the chance of accidentally falling back to insecure SMS.
Large-Scale Testing Signals the End of Cross-Platform Weak Links
Apple is treating encrypted RCS in iOS 26.5 as a large-scale public beta, rolling it out in phases through participating carriers. The company first experimented with end-to-end encrypted RCS messaging in early iOS 26.4 developer builds, initially restricting tests to iPhones with iMessage disabled before opening limited cross-platform trials. With the latest release, those experiments are evolving into broad, real-world testing that includes both new and existing chats, automatically enabling encryption whenever RCS conditions are met. Apple and Google emphasize that this rollout is the product of close, cross-industry collaboration, built on the GSMA’s RCS Universal Profile and its newer encryption specifications. For users, that means the long-standing security disparity between blue-bubble iMessage threads and green-bubble cross-platform texts is finally narrowing. Instead of relying on unsecured SMS for iPhone–Android communication, many everyday conversations will now inherit protections comparable to modern messaging apps.
What iPhone and Android Users Should Expect Next
For everyday users, the most immediate change is subtle: familiar SMS-style conversations between iPhone and Android devices may start showing lock icons and “Encrypted” labels as carriers and updates roll out. There’s no new setting to toggle—iOS 26.5 enables RCS encryption by default wherever supported, and Google Messages does the same on Android. However, the feature’s beta status means not every carrier or region will support it on day one, and some chats may still fall back to SMS if RCS isn’t available. Beyond messaging, iOS 26.5 also ships with fixes for more than 50 vulnerabilities across components like AppleJPEG, ImageIO, Kernel, mDNSResponder, and WebKit, reinforcing Apple’s broader security posture. As the RCS encryption rollout matures, iPhone–Android texting security should become more consistent, giving users greater confidence that cross-platform conversations—once a clear weak link—are now protected by strong, end-to-end encrypted messaging by design.