Summary

  • Carriers have faced a security breach, prompting the FBI to recommend using platforms with full end-to-end encryption.
  • Currently, RCS chats are encrypted in transit, and most Android-to-Android chats use full end-to-end encryption. But Apple’s RCS implementation does not, meaning Android-to-iPhone chats are only encrypted in transit.
  • Google Messages uses Signal Protocol for E2EE, but this was added on top of the RCS Universal Profile by Google. The GSMA is working on a one-size-fits-all E2EE solution for the Universal Profile, but there’s no clear timeline for its release.



If you’re an Android user and some of your friends are on iPhones (or vice versa), your chats just got a huge upgrade with the release of iOS 18. But while Apple now supports RCS, it only does so using what’s been provided upstream. Compared to Google Messages, which adds a few features on top of the base RCS Universal Profile, Apple’s implementation is very bare-bones. This includes end-to-end encryption — a feature Google has implemented via the Signal Protocol, but one that is not included in RCS by default. At least, not yet.

After a major security breach at US carriers, the FBI recommended against using RCS text messaging between Android and iOS until communications are fully encrypted. While work is well underway on an encryption system from the GSM Association (GSMA) that will be added to the Universal Profile, unfortunately, it appears to still be months away with no clear timeline.



A generic security lock showing digital encryption with a blue background

Related

What is end-to-end encryption?

How can an app send messages that only you can decode?

“Work with key industry stakeholders is progressing well and we look forward to updating the market in the coming months,” commented a spokesperson from the GSMA, according to CNBC. While it wasn’t specified, we’re fairly certain that the work being done towards implementing end-to-end encryption in the RCS Universal Profile centers around the new MLS protocol (messaging layer security) spotted in development months ago.

Once the GSMA implements MLS encryption in the RCS Universal Profile, it would then need to publish the new version. After that becomes available, Apple would also need to update its Messages app to include the new Universal Profile before E2EE would be possible between Android and iOS. And since Apple only updates its system apps via full OS upgrades, we would likely have to wait for iOS 18.1 to be released at a minimum, or potentially until iOS 19 in the fall, before chats are fully encrypted between the two operating systems.


In early December, news broke that the Chinese hacking group Salt Typhoon had compromised more than a million devices and prompted the FBI to issue a statement that Android and iPhone users should avoid texting one another on insecure platforms.

a person hiking holding a phone in hand using satellite sms messaging

Source: Verizon


What platforms offer end-to-end encryption?

While RCS chats are already encrypted during transit between Android and iOS, the messages are decrypted once they make their way to the carrier’s side of the connection, and this is where the data breach occurred. Considering this, you might want to take the FBI’s advice and try a fully encrypted messaging platform in the meantime. While there are a lot of different services that allow you to send encrypted, secured messaging, few are more popular than Signal. It’s available on all major platforms (including desktop) and offers true encryption for all content.


If that doesn’t sound like your style, another option is WhatsApp, which is particularly popular outside of the US. Telegram is another choice, and while it’s E2EE isn’t complete — both staff and government-level agencies can access your messages — Telegram has proven it will only reveal data if a court order can prove the potential for terror threats.