Question
How secure is RCS messaging between iOS and Android devices? Will the upcoming iOS 26 release bring end-to-end encryption for business and end-user messages?
Applies To
- Rich Communication Services
- Messaging
Answer
Current Encryption for RCS Messaging
- In Transit Protection Only:
At present (as of July 2025), RCS (Rich Communication Services) messages exchanged between iOS and Android users—including those sent in business-to-consumer scenarios—are only encrypted while they travel over the internet from sender to recipient. This means that while the message cannot be read by third parties as it moves through the network, it could be accessed once it reaches a server or carrier system, since it is not protected with end-to-end encryption (E2EE).
iOS 26 and RCS Encryption Status
- iOS 26 Beta:
Even in the current iOS 26 beta, RCS messages are not fully end-to-end encrypted. Messages may remain vulnerable during delivery between platforms. - RCS Universal Profile Support:
End-to-end encryption for RCS is defined in the Universal Profile 3.0 specification. However, Apple currently supports Universal Profile 2.4 in its iOS implementation. Full support for end-to-end encryption is expected only when Apple adopts Universal Profile 3.0, which may appear in a later iOS 26 release or in a future update.
Key Points:
- No End-to-End Encryption Yet:
Whether you’re a business or an end user, RCS messages exchanged between iOS and Android are not currently protected by E2EE. This means intermediaries like servers or carriers could potentially access message content. - Apple’s Plans:
Apple has indicated it will enable support for true E2EE in the future, but no fixed date or iOS version has been promised. - Business Implications:
Businesses using RCS to communicate with customers should be aware that while RCS improves messaging security over SMS, it does not yet provide full confidentiality between endpoints across all platforms.
Summary Table
| Scenario | Encryption Type | E2EE Status |
| Android ↔ Android (personal chat) | In transit and E2EE* | Supported* |
| Android ↔ iOS / iOS ↔ Android (current) | In transit only | Not enabled |
| Business ↔ End User (Android/iOS, current) | In transit only | Not enabled |
| Future iOS (post-profile 3.0 adoption) | TBD (depends on update) | Planned, no timeline |
Takeaway
RCS messaging currently secures your conversations in transit but does not offer full end-to-end encryption between iOS and Android, especially in business messaging. Apple’s future roadmap includes support for Universal Profile 3.0, which could introduce E2EE, but until then, businesses and users should be aware of the present security limitations.
Related to:
Articles in this section
- RCS Encryption Between iOS and Android—Current State and Future Expectations
- How can I check if RCS (Rich Communication Services) is active on my device?
- iMessage: Apple's Exclusive Messaging Service
- RCS Messaging: Do You Need Mobile Data?
- Understanding Google Guest Cloud
- RCS Features: Compatibility Between Android and Apple Devices
- How RCS Stands Out Among SMS, MMS, and WhatsApp: A Comparative Analysis
- Data Storage for Google RBM
- Limitations on the Number of Agents per Brand
- Guidelines for Using Sender IDs with RCS Agents