9to5Mac Security Bite is completely delivered to you by means of Mosyle, the only Apple Unified Platform. Making Apple gadgets work-ready and enterprise-safe is all we do. Our distinctive built-in option to control and safety combines cutting-edge Apple-specific safety answers for absolutely automatic Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and unique Privilege Management with essentially the most robust and fashionable Apple MDM available on the market. The result’s a unconditionally automatic Apple Unified Platform these days relied on by means of over 45,000 organizations to make hundreds of thousands of Apple gadgets work-ready and not using a effort and at an reasonably priced price. Request your EXTENDED TRIAL nowadays and perceive why Mosyle is the entirety you want to paintings with Apple.
Earlier this yr, Apple introduced that it was once main the rate on a cross-industry effort to convey end-to-end encryption (E2EE) to the RCS Universal Profile, which is printed by means of the GSMA. Apple instructed 9to5Mac in March it might come to the iPhone in a long term instrument replace. Google quickly after jumped in, declaring it too was once ‘dedicated to offering a safe messaging enjoy.’
I didn’t suppose it was once utterly unreasonable to think we’d see this showcased at WWDC 2025…that didn’t occur. Then I assumed perhaps in probably the most iOS 26 betas? Also not anything. So, what took place to cross-platform E2EE for RCS messaging? Is it nonetheless coming?
With this capacity included into the usual, all Rich Communication Standard (RCS) messaging between iPhone and Android customers can be utterly unreadable to backend intermediaries—its contents encrypted, scrambled into gibberish, and handiest unlockable with the decryption key saved at the person gadgets. Huge for person privateness.
Since the discharge of iOS 18 beta 2 in June, Apple has added RCS enhance, permitting iPhone customers to after all ship wealthy messages with audio and bigger media recordsdata to Android customers who aren’t the usage of iMessage. It was once a welcoming transfer for other people with folks who refuse to get an iPhone. Unlike the {industry} usual SMS, RCS gives acquainted options equivalent to learn receipts and the vintage typing indication animation, however it additionally provides the facility to massively enhance privateness and safety.
The key phrase is “talent.”
There’s a not unusual false impression that RCS comes with end-to-end encryption (E2EE) baked in, however that’s no longer the case. Google’s Messages app, some of the broadly used RCS shoppers, gives E2EE between Android gadgets as an additional layer of safety for the ones the usage of the carrier. This is very similar to how iMessage supplies E2EE completely between Apple gadgets.
When an iPhone communicates with a non-Apple software by the use of RCS, messages are handiest encrypted in transit the usage of transport-layer encryption (like TLS). While this saves in opposition to fundamental interception right through transmission, it doesn’t ensure messages can not nonetheless be available server-side, in contrast to E2EE, the place handiest the sender and recipient can learn the content material.
It’s nonetheless a significant growth over SMS, which sends messages in unencrypted plaintext, making them way more susceptible to interception. However, with out complete E2EE, RCS in its present state stays a step beneath platforms like iMessage or Signal.
In a observation to 9to5Mac in March, Apple stated:
End-to-end encryption is an impressive privateness and safety generation that iMessage has supported for the reason that starting, and now we’re happy to have helped lead a pass {industry} effort to convey end-to-end encryption to the RCS Universal Profile printed by means of the GSMA. We will upload enhance for end-to-end encrypted RCS messages to iOS, iPadOS, macOS, and watchOS in long term instrument updates.
At this level, it looks like a type of {industry} shifts that simply takes time to play out. Standards need to be finalized, after which Apple, Google, carriers, and everybody else within the chain must if truth be told enforce them. That more or less cross-company collaboration doesn’t occur in a single day or, on this case, over a yr. If anything else, we will proceed dozing neatly at night time, for the reason that each Apple and Google are publicly on board.
Thank you for studying Security Bite is a weekly security-focused column on 9to5Mac. Each week, Arin Waichulis delivers insights on knowledge privateness, uncovers vulnerabilities, and sheds mild on rising threats inside Apple’s huge ecosystem of over 2 billion lively gadgets.
Follow Arin: Twitter/X, LinkedIn, Threads
FTC: We use source of revenue incomes auto associate hyperlinks. More.
Source: 9to5mac.com
