RCS End-to-End Encryption Is Rolling Out Between iPhone and Android

· Dracode · security · ios · android · messaging

The RCS end-to-end encryption rollout

As of this week, Apple and Google have confirmed that RCS end-to-end encryption between iPhones and Android devices is ready to roll out to users. Cross-platform testing began in February 2026 under iOS 26.4 betas; the key exchange now works in both directions at production scale. When the update lands on both sides, a message sent from an iPhone to any Android device running Google Messages will be encrypted in a way that neither Apple, Google, nor a carrier can read.

This is not incremental. For years, SMS and then RCS offered carrier-visible plaintext between platforms. iMessage had E2EE, but only between two Apple devices. Now the gap closes for the majority of smartphone users worldwide.

How MLS makes cross-platform E2EE possible

The encryption uses Messaging Layer Security (MLS), published as IETF RFC 9420 in July 2023. MLS was designed from the ground up for asynchronous, multi-device group messaging — addressing the shortcomings of Signal’s Double Ratchet (great for two devices, awkward at scale) and older protocols that couldn’t handle membership changes without renegotiating the entire session.

Its key security properties:

  • Forward secrecy: Each message uses a fresh derived key. Compromising today’s key cannot decrypt yesterday’s messages.
  • Post-compromise security: After a device is compromised and recovered, the protocol self-heals — future messages are secure even if an attacker held key state momentarily.
  • Efficient group scaling: MLS avoids the n² key-agreement problem that plagued earlier group encryption schemes.
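
The first two properties can be seen in a small model. This is an added example, not code from the article, Apple, Google, or an MLS library: HMAC-SHA256 stands in for the labelled HKDF of RFC 9420, and the names `SenderRatchet`, `next_epoch`, `reachable_keys` and `simulate` are hypothetical. It assumes the attacker copies the sender's chain secret once and never learns the fresh secret mixed in by the next update.

```python
import hashlib
import hmac
import os


def kdf(secret: bytes, label: bytes) -> bytes:
    # One-way derivation step; HMAC-SHA256 stands in for MLS's labelled HKDF.
    return hmac.new(secret, label, hashlib.sha256).digest()


class SenderRatchet:
    """Hash ratchet for one sender within one epoch (simplified model)."""

    def __init__(self, epoch_secret: bytes):
        self.chain = kdf(epoch_secret, b"chain")

    def next_message_key(self) -> bytes:
        key = kdf(self.chain, b"key")
        self.chain = kdf(self.chain, b"next")  # previous chain secret is overwritten
        return key


def next_epoch(epoch_secret: bytes, commit_secret: bytes) -> bytes:
    # A member's update injects fresh entropy; both inputs are needed.
    return hmac.new(commit_secret, b"epoch" + epoch_secret, hashlib.sha256).digest()


def reachable_keys(chain: bytes, steps: int) -> list:
    # Everything an attacker can compute forward from a stolen chain secret.
    keys = []
    for _ in range(steps):
        keys.append(kdf(chain, b"key"))
        chain = kdf(chain, b"next")
    return keys


def simulate(epoch0: bytes, commit_secret: bytes) -> dict:
    ratchet = SenderRatchet(epoch0)
    past = [ratchet.next_message_key() for _ in range(3)]
    stolen = ratchet.chain                       # device state copied here
    future_same_epoch = ratchet.next_message_key()
    healed = SenderRatchet(next_epoch(epoch0, commit_secret))
    after_update = healed.next_message_key()
    attacker = reachable_keys(stolen, 16)
    return {
        "past_exposed": any(k in attacker for k in past),        # forward secrecy
        "same_epoch_exposed": future_same_epoch in attacker,     # before healing
        "after_update_exposed": after_update in attacker,        # post-compromise security
    }


if __name__ == "__main__":
    print(simulate(os.urandom(32), os.urandom(32)))
```

In this model, keys sent later in the same epoch remain derivable from the stolen state; the protection for future messages begins only once an update moves the group to a new epoch.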

The GSMA formally adopted MLS for RCS in 2024, which is what made cross-carrier, cross-platform E2EE feasible. Both Apple’s Messages and Google Messages implement the same spec rather than each maintaining a proprietary scheme that can’t talk to the other.

Why this took 18 months after Apple added RCS

Apple added RCS support in iOS 18 in September 2024, but E2EE was absent from day one. The reason is architectural: RCS E2EE requires both endpoints to exchange public keys through the carrier or a trusted key server before the first message is sent. Unlike iMessage — which runs entirely on Apple’s own infrastructure and key directory — RCS has to negotiate across Apple’s stack, Google’s stack, and the carrier layer in between.

The February 2026 beta testing was the first time Apple published its MLS key material in a form that Google Messages could consume, and vice versa. Building that key exchange infrastructure across two competing platforms and dozens of carriers took time that the protocol itself did not.

What changes for developers building messaging features

If your app uses native SMS or RCS APIs as a fallback notification or auth channel, the encryption is transparent at the OS layer — you call the API, the OS handles encryption. No code changes required for that case.

Where things get more interesting:

  • OTP and 2FA via SMS: Still plaintext at the network level for users whose carrier has not upgraded to RCS. SMS fallback stays unencrypted. If you’re evaluating RCS as a higher-trust delivery channel for auth codes, that only holds where RCS is active end-to-end.
  • In-app messaging built on RCS APIs: Messages between platforms will now be encrypted. That is a net security win, but it eliminates any server-side ability to inspect or log message bodies through a carrier-level intermediary — something some enterprise architectures have historically relied on.
  • Rich push notification payloads: RCS E2EE encrypts the message body end-to-end, but the push notification envelope — routing metadata, app identifier, notification title — still travels through APNs and FCM in plaintext. The same limitation applies to iMessage. If any part of your pipeline processes notification previews server-side, the body is encrypted but the envelope is not.

At Dracode, most of the products we ship use in-app messaging SDKs rather than native RCS. But for clients where we’ve wired up phone-number-based auth or SMS delivery receipts, this shift is a prompt to evaluate whether RCS is now a viable higher-trust channel — and to revisit the threat models that were written when cross-platform messages were carrier-visible.

The enterprise and MDM wrinkle

MDM solutions — Jamf, Kandji, Microsoft Intune — have historically been able to archive or inspect SMS and MMS traffic on managed devices for compliance purposes. RCS E2EE breaks that model. Encryption happens at the app layer before the OS can hand anything to an MDM hook.

Enterprise deployments in regulated industries (financial services, healthcare, legal) that rely on message archiving will need to rethink this. Secure messaging platforms like Wickr or Microsoft Teams handle it by running their own key escrow for enterprise accounts. Native RCS has no equivalent enterprise key-escrow story today.

This is unlikely to delay consumer rollout, but expect friction from enterprise IT teams and compliance officers. The argument will be familiar: the same fight happened when iMessage launched without an enterprise archiving path in 2011.

What we’re watching

“Ready to roll out” does not mean “everywhere immediately.” Carrier support for RCS itself still varies sharply outside the US, UK, and parts of Europe. Where RCS is not supported, SMS fallback remains unencrypted — the E2EE story only applies to the subset of conversations that run over RCS on both ends.

Longer term, MLS is also under evaluation as a common substrate for cross-platform interoperable messaging — a direction pushed partly by the EU Digital Markets Act’s interoperability requirements. If that plays out, MLS becomes the HTTP of secure messaging: boring infrastructure that everything runs on top of.

The implementation will be credible once independent security researchers get access to both endpoints and verify the key exchange matches the spec. Until then: trust, but verify.

Sources

  1. RCS Encryption Ready to Rollout Between iPhones and Android — Droid Life, May 5 2026
  2. RFC 9420: The Messaging Layer Security (MLS) Protocol — IETF, July 2023
  3. GSMA RCS Security — GSMA
  4. iOS 18 adds RCS support — Apple Newsroom, September 2024