Apple tests end-to-end encryption in RCS for iOS: a beta with limits that could change the privacy of your messages

Apple has opened a new door in the field of secure messaging by enabling, in beta version for developers, end-to-end encryption for RCS messages on iOS and iPADOS. The company has included this capacity in beta 26.4, a test that advances functions that will later reach iPhone, iPad, Mac and Apple Watch, and that seeks to strengthen the privacy of conversations without relying only on iMessage.

RCS (Rich Communications Services) is the standard that many operators and manufacturers have promoted as the successor to SMS, with enriched messages and modern functions. However, one of its great historical shortcomings has been the absence of extreme to widespread encryption. This vacuum began to be closed with the formal backing of the industry - which drives the adoption of safer profiles and protocols - and now Apple is adding to the internal tests of a solution that, in theory, prevents messages from being read while travelling between devices.

Apple's implementation, for now, is experimental and with limits. In the beta notes the company itself warns that the end-to-end encryption is in beta phase and that not all combinations of devices or operators still support it; in addition, the protection applies only to conversations between Apple devices, not to chats with users on other platforms such as Android. You can see the technical details and restrictions in Apple's official notes on iOS and iPadOS 26.4 on its developer portal: developer.apple.com.

For RCS to offer E2EE in a robust way, implementation needs to follow the universal profile and adopt recent cryptographic protocols. In this case, the RCS encryption rests on the Universal Profile 3.0 profile and is based on the Messaging Layer Security (MLS) protocol, which aims to provide a scalable and modern framework for secure group conversations and one by one. Those who want to go into MLS can review the public information of the IETF working group: datatacker.ietf.org (MLS WG).

The movement does not come in isolation: the industry, represented by organizations such as the GSMA, has been promoting the incorporation of end-to-end encryption to RCS in recent times, making it easier for manufacturers and operators to offer more private messaging without giving up interoperability. However, the transit from specification to full user experience depends on updates in networks, operators and manufacturers that adopt the updated profile.

In addition to the work on messaging, beta 26.4 includes progress in the protection of the platform. Apple adds an option for applications to fully benefit from the safeguards of the so-called Memory Integrity Enforcement (MIE), an initiative aimed at increasing memory security in critical parts of the system. MIE was presented by Apple with the intention of reducing the surface of attack against sophisticated spy software and threats that exploit memory errors; now the apps will be able to opt for full protections, beyond the previous preventive mode that offered a softer configuration.

Another relevant development that has been reported around iOS 26.4 is the default activation of the so-called Stolen Device Protection, a function aimed at curbing the use of stolen devices to steal confidential information. According to specialized media reports, this protection calls for biometric authentication for sensitive operations when the phone is out of regular environments and adds delays in critical account changes to give time to report the theft. Apple explains in its supporting documentation how this additional layer works: support.apple.com (Stolen Device Protection), and the specific details on RCS are on your messaging help page: support.apple.com (RCS).

What does this mean for users? In practical terms, it opens up the possibility of having more private conversations without leaving the Apple ecosystem, something attractive to those who want to maintain the simplicity of their communications and increase protection against third parties. However, realistic expectations are needed: for now it is a limited beta, interoperability with Android devices will depend on those devices and their operators implementing the same profile and encryption, and the final experience may vary by region and telephone company.

On the general mobile security map, the news adds important points: end-to-end encryption in RCS for conversations between Apple devices, greater memory protection options for applications and additional measures to prevent the abuse of lost or stolen devices. If you want to follow the evolution of these functions and their arrival in public versions, official Apple notes and specialized coverage such as the MacRumors are good starting points to keep you informed.

In the end, Apple's incorporation of E2EE to RCS is one more piece in the transition to safer and more private mobile communications. It remains to be seen how interplatform interoperability is articulated, how operators react and how long this protection will take to reach most devices. Meanwhile, beta serves for advanced developers and users to test and give feedback on real behaviors that will help polish the function before its overall deployment.