RCS Gets End-to-End Encryption — and Cross-Platform Messaging Finally Has a Privacy Story
For years, the embarrassment of SMS — transmitted in cleartext across carrier networks, readable by mobile operators, interceptable by Stingray devices — was excused by the fact that it was universal. Everyone had it. Nothing better was universal. Then Apple and Google both pushed their proprietary encrypted messaging apps, fragmenting users across iMessage, RCS with end-to-end encryption (Android-only), Signal, WhatsApp, and Telegram, with no encrypted common ground between platforms.
That changed in 2025 when the GSMA finalized the RCS Universal Profile 2.4, which includes mandatory end-to-end encryption using the MLS (Messaging Layer Security) protocol. With Apple implementing RCS support in iOS 18 and enabling E2E encryption in the 2025-2026 rollout, billions of messages between Android and iPhone users are now encrypted in transit for the first time.
What RCS 2.4 Encryption Actually Does
The encryption in RCS Universal Profile 2.4 uses the MLS protocol (RFC 9420), a modern group messaging protocol developed specifically for scalable, forward-secret encrypted communication. MLS provides forward secrecy — compromise of a current key doesn't retroactively expose past messages — and post-compromise security, which limits the damage from key exposure going forward.
For one-on-one conversations, messages between an Android user and an iPhone user are encrypted on the sender's device and decrypted only on the recipient's device. The carrier network, the telecom infrastructure, and even Apple and Google's servers cannot read the content. Group messaging gets MLS's full tree-based key management, which scales efficiently as group membership changes.
What RCS Doesn't Fix
RCS with E2E encryption is better than SMS, but it isn't Signal. Three limitations matter: metadata (carriers can still see who messaged whom and when), backup encryption (which is opt-in rather than default for most users), and verification (RCS's key verification model is weaker than Signal's safety numbers). These gaps matter for high-risk users — journalists, activists, executives under surveillance. For ordinary users, the upgrade from SMS to RCS E2E is still enormous.
Why It Still Matters
The meaningful impact isn't on privacy advocates who already use Signal. It's on the billions of ordinary users who default to whatever the OS messaging app is. For these users, RCS E2E encryption provides a baseline that SMS never could: content privacy in transit, protection from carrier interception, and resilience against mass surveillance of messaging infrastructure.
The rollout is uneven — RCS E2E encryption requires both parties on a carrier and device supporting Universal Profile 2.4. In markets where carrier RCS rollout is incomplete, RCS may fall back to SMS. Apple's implementation launched E2E encryption in limited markets and is expanding through 2026.
The Bigger Picture
RCS's adoption is part of a broader convergence in messaging. The EU's Digital Markets Act requires large platform gatekeepers to open messaging APIs for interoperability, and the emerging standard for this interoperability is MLS — the same protocol RCS 2.4 uses. There's a plausible near-future in which the encrypted messaging ecosystem becomes genuinely interoperable.
For now, the practical advice: if you're using Google Messages on Android and the built-in Messages app on iPhone, and both are updated, your cross-platform messages are encrypted. That's a significant change from six months ago — and it's not a reason to delete Signal, but it is a reason to stop treating every text as an inherently public communication.