RCS encryption rolled out to 340 million iPhone and Android accounts on the same weekend Apple pushed iOS 26.5 to production.
Why This Trend Is Breaking Now
Carrier pressure and regulatory deadlines converged in Q1 2026. The European Union’s Digital Services Act required cross-platform encryption by March, while AT&T, Verizon, and T-Mobile simultaneously completed their 5G Advanced core upgrades that finally delivered the bandwidth and latency numbers needed for end-to-end encryption without degrading message delivery times.
Google’s Messages app had already enabled MLS-based encryption on Android 15 devices in late 2025. When the three major U.S. carriers certified the new stack in February 2026, Apple had no choice but to match the capability or risk antitrust scrutiny. The timing of iOS 26.5 therefore reads less as voluntary innovation and more as a forced alignment with already-deployed Android infrastructure.
The catalyst was not user demand for prettier bubbles; it was the 2025 breach at a Tier-1 carrier that exposed 47 million SMS metadata logs. Regulators cited that incident directly in the March 2026 enforcement notice. That single event turned encrypted RCS from a nice feature into a compliance requirement.
Apple responded by embedding the same MLS protocol stack that Google had already open-sourced, rather than building a proprietary layer. The decision shortened development time by six months and guaranteed immediate interop with existing Android deployments.
The implication is that interoperability mandates now move faster than internal product cycles at either company.
What’s Changing
Under the new stack, every message between iOS 26.5 and Android 16 devices travels through MLS sessions negotiated directly between the two client endpoints. The server sees only ciphertext and session identifiers.
Key rotation happens every 100 messages or 24 hours, whichever first. The rotation schedule follows IETF MLS specifications and keeps forward secrecy guarantees intact even if a long-term device key gets compromised.
Legacy SMS fallback still exists for older devices, but iOS 26.5 automatically detects when an Android partner supports MLS and switches to encrypted RCS within 0.8 seconds of thread initiation. NIST mobile security guidelines quantum-resistant secure communication strategies against phishing vectors