Encrypted RCS Spotted in iOS 26.3 Beta

Mention of the long-awaited RCS end-to-end encryption (E2EE) support in the iOS 26.3 beta was spotted by Tiion-X83 on X via a carrier bundle setting that would let carriers enable E2EE for RCS messaging.

The GSMA announced its Universal Profile 3.0 back in March of 2025, with the headlining feature being cross-platform E2EE support that would bring encrypted texting by default to the masses. Utilizing the open Messaging Layer Security (MLS) standard, the new RCS update promised to provide modern messaging security features to the default messaging app on everyone’s phone.

Google Messages offered E2EE RCS messaging for a long time, but it was limited to other Google Messages users. Google Messages also isn't available on iOS, so you would need a different app for cross-platform E2EE.

Apple similarly offers E2EE between iOS users via iMessage, without offering the app on Android.

With this new find, it seems that longstanding barrier could be ending. Cross-device E2EE messaging may become the new norm for the foreseeable future.

SMS isn’t only used for communication, however. It’s frequently used to send two-factor authentication codes when logging in, to receive updates on deliveries, automated messages sent out to many users of a service, etc. It might take a long time for SMS to be fully replaced, meaning messengers will need to support both RCS and SMS, which is a lot of added attack surface. Not ideal in a time where activists are targeted with state-sponsored malware via messaging apps.

We will need to switch to more robust sign-in solutions that don’t rely on unencrypted communication channels like SMS, ideally passkeys, TOTP, or FIDO hardware keys. We should be using messaging services for messaging, nothing more.

Like most things, unseating SMS from its dug-in position is a multi-faceted problem, but RCS adoption is the first step in fixing it.

Due to the flaws in SMS, many people rely on separate messaging apps such as WhatsApp in order to facilitate secure communications. The issue is that these apps aren’t interoperable, so if you aren’t already on someone’s messaging apps of choice, one of you needs to sign up for a new app. Between WhatsApp, Signal, Telegram, Google Messages, iMessage, Discord, and many others, it’s typical for people to be on several apps, sometimes just to talk to one or two people. This can be very annoying, lead to excess data exposure (most of these apps require some personal data to sign up, such as your phone number or email), and added security risks. There’s also inconsistent security features between them. Discord doesn’t support E2EE messaging, for example, but does support E2EE voice calls.

Once support lands in iOS and Android, carriers will still need to get onboard which will take a bit longer. Currently there are no carriers enabling the feature, according to Tiino-X83’s tweet.

In the time it’s taken for Universal Profile 3.0 to land in major platforms, the GSMA has released Universal Profile 3.1 with some extra improvements to the standard.