TrueSolvers is an independent technology publisher with a professional editorial team. Every article is independently researched, sourced from primary documentation, and cross-checked before publication.
Apple and Google began testing end-to-end encryption for messages exchanged between iPhone and Android devices on February 23, 2026. This capability addresses a privacy vulnerability that has existed since iMessage launched in 2011. When iPhone users message Android contacts, those conversations have traveled across networks without encryption protection. The new encrypted RCS implementation closes that fundamental security gap.

For fifteen years, encrypted RCS messaging between iPhones and Android devices simply did not exist. Every message sent across that platform divide traveled unencrypted across carrier networks, readable in principle by any party with network access. iMessage delivered end-to-end encryption for conversations between Apple devices from the start, and Google extended the same protection to Android-to-Android RCS chats. But neither company's encryption followed users across the divide.
That gap turned from a technical footnote into a national security matter when the Salt Typhoon campaign came to light in late 2024. Chinese state-sponsored hackers had penetrated the networks of AT&T, Verizon, and Lumen Technologies, accessing call records and, in some cases, live calls of targeted individuals. In December 2024, CISA Executive Assistant Director Jeff Greene responded by publicly advising Americans to switch to encrypted messaging apps, with WhatsApp and Signal among the recommended options for cross-platform communication. The underlying problem Greene was responding to was precisely the one encrypted RCS is now designed to solve.
The technical foundation came together quickly after that. The GSMA published RCS Universal Profile 3.0 in March 2025, incorporating end-to-end encryption as a core feature of the standard. Apple committed to support it. Google committed to support it. Testing began in iOS 26.3 betas with carrier-configuration infrastructure, then expanded in iOS 26.4 beta 1 to iPhone-to-iPhone scenarios with iMessage disabled. On February 23, 2026, iOS 26.4 beta 2 opened encrypted RCS testing to cross-platform conversations between iPhones and Android devices for the first time.
Apple and Google had been slow to coordinate on RCS interoperability for years — and then both companies were publicly committed to a shared encryption standard within three months of a federal security warning. The December 2024 CISA guidance and the March 2025 UP 3.0 announcement sit that close together. The sequence from Salt Typhoon to GSMA publication to joint commitment suggests the breach functioned as an accelerant, compressing a timeline that the EU's Digital Markets Act interoperability requirements alone had not managed to compress.
The encryption at the center of UP 3.0 is the Messaging Layer Security protocol, an officially ratified IETF standard. MLS was purpose-built to solve problems that earlier group encryption schemes handled poorly, particularly the challenge of encrypting group conversations efficiently without requiring a separate encryption operation per recipient.
Each message session uses fresh cryptographic keys. If an attacker later compromises one key, it gives them no access to prior messages. Past conversations remain sealed even if a future device is breached.
When a device is compromised, MLS allows the system to recover security in subsequent messages. Attacks that succeed once do not grant indefinite access to an ongoing conversation.
Parties do not need to be simultaneously online to set up an encrypted session. MLS handles key negotiation asynchronously, which is essential for mobile devices that are frequently offline. The protocol scales from two-person chats all the way to groups with tens of thousands of participants.
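The forward-secrecy and post-compromise properties described above, as an added example that is not part of the original article or of any Apple, Google or GSMA code: a simplified epoch ratchet loosely shaped like the MLS key schedule (RFC 9420), built on HKDF from the Python standard library. The `Member` class, the labels and the random commit values are assumptions for illustration; real MLS delivers the fresh secret to members through its ratchet tree, which is not modelled here.

```python
import hashlib
import hmac
import os

def extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def expand(prk: bytes, label: bytes) -> bytes:
    """HKDF-Expand (RFC 5869), single 32-byte output block."""
    return hmac.new(prk, label + b"\x01", hashlib.sha256).digest()

class Member:
    """Toy epoch ratchet: holds only the current chain secret, never old keys."""
    def __init__(self, init_secret: bytes):
        self.init_secret = init_secret

    def advance(self, commit_secret: bytes) -> bytes:
        # Mix the previous chain secret with this epoch's commit secret.
        epoch_secret = extract(self.init_secret, commit_secret)
        # Overwrite the chain secret so the previous epoch cannot be re-derived.
        self.init_secret = expand(epoch_secret, b"example init")
        return expand(epoch_secret, b"example message key")

ZERO = bytes(32)  # a commit that contributes no fresh entropy

def run_demo() -> dict:
    seed = os.urandom(32)  # constructed shared starting secret
    alice, bob = Member(seed), Member(seed)
    old_keys, agree = [], True
    for _ in range(3):
        commit = os.urandom(32)  # fresh secret both members receive
        old_keys.append(alice.advance(commit))
        agree &= bob.advance(commit) == old_keys[-1]
    # Constructed compromise: attacker copies Alice's whole state after epoch 3.
    attacker = Member(alice.init_secret)
    # Forward secrecy: the stolen state holds none of the earlier message keys,
    # and recovering them would require inverting HMAC-SHA256.
    old_absent = all(k != attacker.init_secret for k in old_keys)
    # Without fresh entropy the attacker keeps deriving the same keys.
    tracks_stale = attacker.advance(ZERO) == alice.advance(ZERO)
    # Post-compromise security: one commit secret the attacker never sees
    # pushes the group onto a key the stolen state cannot reach.
    healed_key = alice.advance(os.urandom(32))
    tracks_healed = attacker.advance(ZERO) == healed_key
    return {"members_agree": agree,
            "old_keys_absent_from_stolen_state": old_absent,
            "attacker_tracks_without_fresh_entropy": tracks_stale,
            "attacker_tracks_after_fresh_commit": tracks_healed}
```

The third result is the caveat worth noting: recovery after a compromise only happens once a member contributes new key material the attacker cannot observe.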
The protocol handles both message content and file attachments. When an encrypted RCS message leaves an iPhone, it arrives at the carrier network already encrypted and remains unreadable until it reaches the recipient's Android device. No carrier, no intermediate server, and neither Apple nor Google can read the content in transit.
Google's existing RCS encryption used the Signal protocol within Google Messages — a setup that does not extend to iOS Messages users or users of other RCS clients on Android. That bilateral arrangement is what UP 3.0 replaces. GSMA Technical Director Tom Van Pelt stated that RCS is the first large-scale messaging service to support interoperable end-to-end encryption between client implementations from different providers. MLS is the reason: any conformant RCS client from any provider can establish an encrypted session with any other.
On an iPhone running the beta, an encrypted RCS conversation displays a lock icon alongside an "RCS | Encrypted" badge above the message input field. Google Messages shows the same lock icon previously used for Android-to-Android encrypted chats. Green bubbles stay green; the visual distinction between RCS and iMessage remains. What changes is that those green-bubble conversations now carry real cryptographic protection.
One nuance worth understanding: iMessage on the same iPhone uses Apple's PQ3 protocol, a post-quantum cryptographic system distinct from MLS. Apple is running two separate encryption architectures on the same device: PQ3 for iPhone-to-iPhone iMessage, MLS for cross-platform RCS. This dual-protocol approach reflects deeper architectural differences in how iOS and Android have approached messaging security over the years; UP 3.0 is where those separate approaches finally converge on a shared standard.
UP 3.0 leaves two categories of exposure unremedied, and most coverage skips over them.
The first is metadata. The encryption covers message content and file attachments during transit. It does not cover the communications metadata that carriers retain: which devices communicated, at what times, and how frequently. Carriers can still observe the shape of your conversation history even when they cannot read it. For the vast majority of users, content encryption is what matters. But for journalists, legal professionals, activists, or anyone with a threat model that includes carrier-level surveillance, the metadata gap is meaningful. Signal is engineered from the ground up to minimize metadata collection; encrypted RCS does not attempt to match that.
The second category is RCS Business Messaging. The commercial messaging layer that brands use to send shipping confirmations, appointment reminders, and promotional messages operates outside the UP 3.0 E2EE framework. Those messages remain unencrypted under the current specification. The encryption applies to person-to-person conversations and group chats between users.
Neither of these limitations diminishes what UP 3.0 delivers for the ordinary user's daily conversations. They do clarify that encrypted RCS is an upgrade to the default messaging experience, not a Signal replacement.
Testing requires current beta software on both sides and carrier support for the feature.
On iPhone, install iOS 26.4 beta 2, then navigate to Settings, then Messages, then RCS Messaging. The "End-to-End Encryption (Beta)" toggle appears there and is enabled by default. No additional configuration is required if your carrier supports the beta feature. The same encryption is coming to iPadOS, macOS, and watchOS 26 in future releases.
On Android, join the Google Messages beta program and install the latest beta version. RCS must be enabled in the app settings. No additional toggle is required once beta access is active.
Both setups depend on carrier support. Apple's developer notes for the beta warn of potential message delivery failures, service interruptions, and other instability during testing. The feature is explicitly flagged as not shipping in the iOS 26.4 final release; it will arrive in a later iOS 26 update where it will be default-on for all eligible users.
The GSMA published UP 3.0 in March 2025 and had already released a follow-on version of the specification within months. Yet as of the iOS 26.3 beta cycle in early 2026, no carriers had activated end-to-end encryption through their carrier bundles. Standards are moving faster than implementations. The readiness situation is not encouraging in the short term. Apple maintains a carrier support list where users can check whether their carrier has enabled the feature.
End-to-end encrypted cross-platform messaging already existed before February 2026. WhatsApp has had it for years. Signal has had it for years. The reason billions of cross-platform conversations still traveled unencrypted was not a lack of encryption technology; it was a coordination problem. Both parties have to install the same app. For users communicating with contacts who will never download Signal and are not on WhatsApp, those encryption options did not exist in practice.
Encrypted RCS addresses that problem at the infrastructure level. It operates within the Messages apps that come pre-installed on every iPhone and Android device. There is no app to install, no account to create, no link to send a contact asking them to switch. The encryption is simply present, or it is not, based on whether both devices and their carriers support the feature.
The GSMA's UP 3.0 specification strengthens this with a market-level default-on requirement. Under specification R5-43-1, RCS providers must enable end-to-end encryption by default for all users in a given market unless local regulation expressly prohibits it, and cannot enable or disable it for a subset of users within that market. That requirement means encrypted RCS, once carriers activate it, will not be an opt-in feature that tech-savvy users enable while everyone else sends unencrypted messages. It becomes default infrastructure.
Apple's commitment is made. Google's commitment is made. Both are in active beta testing. The open variable is how quickly carriers update their infrastructure to support UP 3.0, and neither Apple nor Google controls that timeline. The FBI's December 2024 guidance recommended encrypted apps for cross-platform conversations and named WhatsApp and Signal because those were the options available at the time. When encrypted RCS reaches general availability, the default messaging apps on both platforms will provide that same fundamental protection, without requiring any user to change their habits or persuade a contact to switch platforms. The practical effect will reach far beyond the users who ever installed a dedicated secure messaging app.
Do green bubbles change to blue once encrypted RCS is active? No. Encrypted RCS conversations remain green bubbles in iOS Messages. The blue-bubble distinction is tied to iMessage, not to whether a conversation is encrypted. A lock icon and "RCS | Encrypted" badge indicate an encrypted session.
Will encrypted RCS work on older iPhone models? Encrypted RCS requires iOS 26, which means it is limited to devices that can run iOS 26. Apple has not published a specific compatibility list for the encryption feature beyond the iOS 26 requirement. Older devices that cannot update to iOS 26 will continue using standard RCS or SMS without encryption for cross-platform conversations.
When will encrypted RCS leave beta and reach regular users? Apple has confirmed it will not ship in iOS 26.4's final release. The feature is expected in a future iOS 26 update with no specific date announced. General availability also depends on carrier adoption of UP 3.0 infrastructure, which as of early 2026 had not yet been activated for any carrier.
Does encrypted RCS work in group chats? The MLS protocol that powers UP 3.0 is designed for group messaging and scales efficiently to large groups. Whether group chats between mixed iPhone and Android users fully support end-to-end encryption during the beta is subject to the same carrier and device requirements as one-to-one conversations.