Security Bite: Apple could announce cross-platform E2EE for RCS messaging at WWDC

Arin Waichulis | May 30 2025 - 8:52 am PT

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

We’re officially just over a week away from WWDC 2025. While we expect big design enhancements and much-needed Apple Intelligence improvements to iOS, Apple has the opportunity to do something it’s quite good at: flexing its privacy prowess.

Earlier this year, Apple announced that it was leading the charge on a cross-industry effort to bring end-to-end encryption (E2EE) to the RCS Universal Profile, which is published by the GSMA. The company said that it would come to iPhone in a future software update. Google soon after jumped in, stating it too was ‘committed to providing a secure messaging experience.’

With this capability incorporated into the standard, all Rich Communication Standard (RCS) messaging between iPhone and Android users would be completely unreadable to backend intermediaries—its contents encrypted, scrambled into gibberish, and only unlockable by the decryption key stored on the user devices. This would be a huge move for user privacy.

Since the release of iOS 18 beta 2 in June, Apple has added RCS support, allowing iPhone users to finally send rich messages with audio and larger media files to Android users who aren’t using iMessage. It was a welcoming move for people with parents who refuse to get an iPhone. Unlike the industry standard SMS, RCS offers familiar features such as read receipts and the classic typing indication animation, but it also adds the ability to vastly improve privacy and security.

The keyword is “ability.”

There’s a common misconception that RCS comes with end-to-end encryption (E2EE) baked in, but that’s not the case. Google’s Messages app, one of the most widely used RCS clients, offers E2EE between Android devices as an extra layer of security for those using the service. This is similar to how iMessage provides E2EE exclusively between Apple devices.

When an iPhone communicates with a non-Apple device via RCS, messages are only encrypted in transit using transport-layer encryption (like TLS). While this protects against basic interception during transmission, it doesn’t guarantee messages cannot still be accessible server-side, unlike E2EE, where only the sender and recipient can read the content.

It’s still a major improvement over SMS, which sends messages in unencrypted plaintext, making them far more vulnerable to interception. However, without full E2EE, RCS in its current state remains a step below platforms like iMessage or Signal.

In a statement to 9to5Mac in March, Apple said:

End-to-end encryption is a powerful privacy and security technology that iMessage has supported since the beginning, and now we are pleased to have helped lead a cross industry effort to bring end-to-end encryption to the RCS Universal Profile published by the GSMA. We will add support for end-to-end encrypted RCS messages to iOS, iPadOS, macOS, and watchOS in future software updates.

What better place to demonstrate Apple’s device privacy and security lead than at the World Wide Developers Conference? This will be a heavily coveted event since the slow, deleterious release of Apple Intelligence features on Apple’s reputation. I can’t think of a better way for the company to reaffirm its position as an industry leader than having GMSA, who will likely be at the event, “on stage” during the prerecorded keynote, bolstering Apple’s commitment to privacy by bringing E2EE to the RCS Universal Profile.

I understand it’s only been a year since RCS hit iPhone, but this feature already feels like a long time coming. Apple also hasn’t given RCS much airtime. Apart from press releases, the company mentioned “RCS support” only once in closing during the iOS 18 announcement part of the WWDC24 keynote.

With Apple’s initial announcement in March that encrypted RCS was coming to iPhone, the timing feels right. I hope the company makes a baller move here and announces the feature at WWDC 2025. Worst case, we get a press release sometime down the road.