iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android
Apple iOS 26.5 enables end-to-end encrypted RCS messaging by default across iPhone and Android devices.
Summary
Apple released iOS 26.5 with default end-to-end encryption (E2EE) support for Rich Communication Services (RCS) messaging, rolling out to iPhone users on iOS 26.5 and Android users on the latest Google Messages. The feature, developed through cross-industry collaboration between Apple, Google, and the GSMA, displays a lock icon to indicate encrypted conversations and represents an effort to replace traditional SMS with a more secure alternative. The update also patches over 50 vulnerabilities including flaws in AppleJPEG, ImageIO, Kernel, mDNSResponder, and WebKit.
Full text
iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android Ravie LakshmananMay 12, 2026Encryption / Mobile Security Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a "cross-industry effort" to replace traditional SMS with a more secure alternative. To that end, E2EE RCS messaging is rolling out to iPhone users running iOS 26.5 with supported carriers and Android users on the latest version of Google Messages. The feature is enabled by default for both new and existing conversations in both platforms. RCS is a modern, internet-based messaging protocol that allows Android and iPhone users to send high-resolution photos and videos, see typing indicators, and receive read receipts, features all typically present in instant messaging apps. It is built on an industry specification called the RCS Universal Profile. "When RCS messages are end-to-end encrypted, they can't be read while they're sent between devices," Apple said in a statement. "Users will know that a conversation is end-to-end encrypted when they see a new lock icon in their RCS chats." Apple began testing with E2EE in RCS messages in iOS and iPadOS 26.4 Beta, initially limiting it to only conversations between Apple devices. In early 2025, the GSM Association (GSMA) announced support for E2EE for safeguarding messages sent via the RCS protocol. In a similar statement, Google said Google Messages for Android users will see a padlock icon to indicate that the cross-platform conversation is end-to-end encrypted. "This welcome progress is the result of close, cross‑industry collaboration between the GSMA RCS Working Group, including Apple, Google, and the wider mobile ecosystem," Alex Sinclair, chief technology officer at GSMA, said. "Crucially, the new secure services are being delivered on an open, globally recognised foundation." The latest updates also come with fixes for over 50 vulnerabilities in iOS and iPadOS, including various flaws in AppleJPEG, ImageIO, Kernel, mDNSResponder, and WebKit that could be exploited to leak sensitive information, a denial-of-service (DoS), or result in unexpected system termination. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE Tweet Share Share Share SHARE Android, Apple, cybersecurity, end-to-end encryption, Google, GSMA, iOS, mobile security, RCS Messaging ⚡ Top Stories This Week Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday [Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI and More Packages cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation ⭐ Featured Resources [Webinar] Learn How to Handle Critical SOC Alerts With AI Support Identify Internal Attack Surfaces More Efficiently With a Free Assessment [eBook] Get the 3-Number SOC Diagnostic to Reduce Queue Risk [Guide] Stop Email Fraud Before It Turns Into Ransomware Damage