iPhone-Android RCS Conversations Are End-To-End Encrypted In iOS 26.5 (macrumors.com)
- Reference: 0183186182
- News link: https://it.slashdot.org/story/26/05/11/1834209/iphone-android-rcs-conversations-are-end-to-end-encrypted-in-ios-265
- Source link: https://www.macrumors.com/2026/05/11/ios-26-5-rcs-e2ee-launch/
> Apple says that it worked with Google to lead a cross-industry effort to add E2EE to RCS. iOS users will need iOS 26.5, while Android users will need the latest version of Google Messages. End-to-end encryption is on by default, and there is a toggle for it in the Messages section of the Settings app. Encrypted messages are denoted with a small lock symbol. On iPhones not running iOS 26.5, RCS messages between iPhone and Android users do not have E2EE, but the new update will put Android to iPhone conversations on par with iPhone to iPhone conversations that are encrypted through iMessage.
>
> Along with Google, Apple worked with the GSM Association to implement E2EE for RCS messages. E2EE is part of the RCS Universal Profile 3.0, published with Apple's help and built on the Messaging Layer Security protocol. RCS Universal Profile 3.0 also includes editing and deleting messages, cross-platform Tapback support, and replying to specific messages inline during cross-platform conversations.
[1] https://www.apple.com/newsroom/2026/05/end-to-end-encrypted-rcs-messaging-begins-rolling-out-today-in-beta/
[2] https://www.macrumors.com/2026/05/11/ios-26-5-rcs-e2ee-launch/
Significant (Score:2)
When it's known that there is state-level actors listening across on the wire, end-to-end encryption is a pretty significant step forward, even if it took basically a decade to get here.
Apple's driving consumer behavior on the exclusive "blue bubble" while fighting the adoption of good standards always seemed like 90's Microsoft behavior to me.
Re: (Score:2)
> Apple's driving consumer behavior on the exclusive "blue bubble" while fighting the adoption of good standards always seemed like 90's Microsoft behavior to me.
Well, it wasn't just Apple. Google was cynically playing that tune on repeat for marketing purposes - while not letting anyone on Android who wasn't using Google's own apps to encrypt RCS either.
and the question everyone is asking is (Score:3)
does anyone (govt etc) have back-door access to it?
It seems that lately governments are "insisting" on back-doors into user-encryption, going so far as to bar sales of products to their citizens that they can't just look at anytime they feel like it.
We need to read your texts to stop Terrorism! and Think of the Children!
Re:and the question everyone is asking is (Score:5, Interesting)
Here's the [1]RFC if you want to know implementation details. [ietf.org] But from my understanding the encryption cipher is chosen by the app, there's isn't negotiation, there's continuous group authenticated key exchange, and they are working on newer ciphers like post-quantum.
So the most trust is on the messaging app and if the app is bad, then the E2E implementation is moot anyways when they control an end. But with it not being post-quantum yet, there's still the risk of collect and store until quantum computers get good enough to crack. And if your data is "state-actor shouldn't see" level confidential, then sending as a standard text probably isn't the right choice since the metadata is visible.
[1] https://datatracker.ietf.org/doc/rfc9420/
Re: (Score:1)
Or if you are a sensitive enough target to bother keeping your data long enough to use quantum computers on it.
Re: (Score:2)
quantum computers
These are such BS marketing fluff. It's been decades and IBM shut down their fun little Cloud Quantum experiment where regular people could run simple little sets of gates.
The record for quantum computer size seems to be 6,000 qbits right now, but they can only be held together for a few seconds at most. I don't think quantum computers will become a reality any time soon, and there is still a considerable debate on if some of these more advanced quantum gate based algorithms can
Re: (Score:3)
Let me know when there's an RFC or protocol that eliminates human stupidity.
Re: (Score:2)
> Let me know when there's an RFC or protocol that eliminates human stupidity.
Well we objectively had less stupidity back when we had DEI hires instead of DUI hires.
Re: and the question everyone is asking is (Score:1)
Of course the gov has access. Read up on Snowdon.
Anyone have an E2EE over SMS protocol? (Score:1)
In principle, I can send your phone arbitrary unlimited data using just SMS, subject only to rate-limiting and management of dropped, delayed, or out-of-order SMS messages.
If I have your public key, I can send it to you encrypted.
In practice, I don't know if such a thing exists.
Re: (Score:2)
OTR might be small enough.
The Axolotl Ratchet is much better but perhaps too big for SMS.
TextSecure probably would have offered it were that feasible.
Of course if you can arrange one-time pads you're 1:1 at 140 characters.
Not that useful (Score:1)
I guess the content is encrypted but the metadata is still free-for-all to use ...
Re: (Score:3)
So? Content is critical, everything is just plausible deniability. If you're concerned about someone knowing that you texted someone to the point where you're afraid even if they have no idea of the content of the message then get a burner phone.
Re: (Score:3)
That still brings the question which problem is RCS trying to solve? And why do we want carriers to have control on text messages sent between two people?
SMS/MMS and RCS all suck. Less than single-platform solutions like iMessage, but still suck as long as carriers have control on it (I can't just create my own RCS server and use it to communicate with my contacts) and is based on a phone number (again, which is region-locked and controlled by the carrier).
Good messaging solutions work on any internet-conne
Re: (Score:2)
> That still brings the question which problem is RCS trying to solve?
Everything not described in my edge case. Just because someone knows that you texted your friend at 2pm today doesn't mean you want them to know that you were arranging a gay romp in the forest
> And why do we want carriers to have control on text messages sent between two people?
The key there is in the 6th word of the sentence. You know what the carrier is right? It's someone who shuffles something from A to B. You don't want it, but you may need it if you haven't setup an alternate form of communication.
> SMS/MMS and RCS all suck.
Yes the only thing worse is not being able to talk at all. iMessage is great, doesn't wor
Re: Not that useful (Score:1)
End to end encrypted between all parties: You, your partner in crime and the NSA/CIA/FBI/...