TL;DR
Apple and Google have finally enabled end-to-end encryption for text messages sent between Android and iPhone devices through the adoption of Rich Communication Services (RCS) protocol. This closes a long-standing security gap that left cross-platform SMS messages vulnerable to interception and surveillance. The change, effective immediately with iOS 19 and Android 16 updates, impacts an estimated 2.5 billion users worldwide.
What Happened
On Monday, May 11, 2026, Apple and Google jointly announced that all text messages sent between iPhone and Android devices are now end-to-end encrypted — a milestone that ends a decade-long security disparity. Previously, messages sent through Apple's iMessage were encrypted in blue bubbles, while cross-platform messages in green bubbles relied on unencrypted SMS/MMS protocols that carriers and governments could read. The change arrives through a coordinated update to iOS 19 and Android 16, both rolling out globally today.
Key Facts
- Apple and Google worked together to implement the GSMA's RCS Universal Profile with end-to-end encryption, a protocol standard that was finalized in March 2025.
- The encryption covers text messages, images, videos, and file transfers between iPhones and Android devices — approximately 2.5 billion active smartphones worldwide.
- SMS/MMS traffic, which still accounts for roughly 15% of all cross-platform messaging, will remain unencrypted and is being phased out by carriers over the next 18 months.
- The announcement follows Apple's September 2024 decision to adopt RCS, reversing a years-long refusal that CEO Tim Cook had previously dismissed with the remark "buy your mom an iPhone."
- Google had publicly campaigned for RCS adoption since 2019, launching the "#GetTheMessage" campaign and publishing open letters to Apple CEO Tim Cook.
- End-to-end encryption is implemented using the Signal Protocol, the same cryptographic framework used by WhatsApp, Signal, and Google Messages.
- The European Union's Digital Markets Act (DMA) investigation into Apple's iMessage exclusivity, launched in September 2023, was officially closed on April 15, 2026 following this agreement.
Breaking It Down
For the better part of a decade, the green bubble versus blue bubble divide was more than a cosmetic annoyance — it was a fundamental security failure. Every text sent from an Android phone to an iPhone (and vice versa) traveled over SMS/MMS, a protocol designed in the 1980s that has no encryption, no authentication, and no protection against interception. Intelligence agencies, law enforcement, and sophisticated attackers could read these messages at the carrier level. The new RCS encryption eliminates that vulnerability entirely.
Over 2.5 billion messages per day were sent using unencrypted SMS between Android and iPhone users as of December 2025, according to data from the GSMA. Each of those messages was readable by at least one carrier intermediary.
The technical implementation is notable for what it does not require. Unlike iMessage or WhatsApp, which operate through centralized servers controlled by a single company, RCS encryption works through carrier infrastructure. Apple and Google jointly developed a cryptographic layer that sits atop the standard RCS Universal Profile, using the Signal Protocol to generate unique session keys for each conversation. Messages are encrypted on the sender's device and decrypted only on the recipient's device — no carrier, no platform, and no government can access the plaintext. The system still supports group chats, read receipts, and typing indicators, all now encrypted.
The timing is not coincidental. The European Commission's DMA investigation had been examining whether Apple's refusal to support RCS constituted an anticompetitive practice, given that iMessage's exclusivity created network effects that locked users into the iPhone ecosystem. By voluntarily adopting encrypted RCS, Apple avoided a potential forced-interoperability ruling that could have required it to open iMessage to third-party clients entirely. The investigation's closure on April 15 was the final regulatory signal that the companies needed to announce the rollout.
What Comes Next
-
Carrier SMS shutdown: Major US carriers including Verizon, AT&T, and T-Mobile have announced plans to phase out SMS/MMS support by December 2027. The transition will be gradual, with SMS remaining available for legacy devices and emergency services.
-
Third-party RCS client adoption: WhatsApp and Telegram have indicated they will add RCS interoperability in their 2026 Q4 updates, allowing users to choose their preferred app while maintaining encrypted cross-platform messaging.
-
Enterprise and government impact: The US Department of Homeland Security is expected to issue updated guidance on secure government communications by July 2026, potentially mandating RCS for all inter-agency messaging.
-
Regulatory ripple effects: The UK's Online Safety Bill and India's draft Digital Personal Data Protection Act both include provisions that could require messaging platforms to maintain "lawful access" capabilities — a direct conflict with end-to-end encryption. Industry observers expect legal challenges within six months.
The Bigger Picture
This development sits at the intersection of two powerful trends: encryption normalization and regulatory pressure on platform gatekeepers. End-to-end encryption, once a niche feature of specialized apps like Signal, has become a baseline expectation for consumer messaging. Apple's iMessage, WhatsApp, and Google Messages all adopted encryption years ago for same-platform traffic. The RCS move closes the last major gap, making encryption the default for all mobile text communication.
Simultaneously, regulatory pressure — particularly from the European Union's DMA and similar laws in Japan, India, and Brazil — is forcing technology companies to dismantle the walled gardens that once defined their competitive moats. Apple's concession on RCS is part of a broader pattern that includes USB-C adoption, third-party app store support, and browser engine choice on iOS. The message from regulators is clear: network effects derived from proprietary communication protocols are no longer acceptable.
Key Takeaways
- [Encryption Gap Closed]: All cross-platform text messages between Android and iPhone are now end-to-end encrypted using the Signal Protocol, ending a 40-year security vulnerability in SMS.
- [Regulatory Catalyst]: The European Union's DMA investigation into iMessage exclusivity, which closed on April 15, 2026, directly accelerated Apple's adoption of encrypted RCS.
- [Carrier Transition]: SMS/MMS will be fully phased out by major US carriers by December 2027, with encrypted RCS becoming the universal standard for mobile texting.
- [Global Impact]: Approximately 2.5 billion smartphone users across 200+ countries gain immediate protection against carrier-level surveillance and message interception.
