CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Apple Deploys Cross-Platform End-to-End Encrypted RCS Messaging in iOS 26.5

First reported
Last updated
2 unique sources, 3 articles

Summary

Hide ▲

Apple has expanded end-to-end encrypted RCS messaging from a beta-limited Apple-only feature to a default-enabled cross-platform capability in iOS 26.5. The encryption now supports conversations between iPhones and Android devices on supported carriers, with visual indicators (lock icons) confirming secure sessions. This follows the GSMA’s 2025 endorsement of E2EE for RCS messages and represents a major industry collaboration milestone. Additionally, the beta in iOS 26.4 introduced Memory Integrity Enforcement (MIE) and default activation of Stolen Device Protection for all iPhone users, enhancing memory safety and device security. The initial development began with Apple testing E2EE for RCS messaging in iOS and iPadOS 26.4 Developer Beta, limited to Apple devices and based on RCS Universal Profile 3.0 using the Messaging Layer Security (MLS) protocol. The beta also introduced enhanced memory safety protections via MIE and default Stolen Device Protection, which enforces a one-hour delay for Apple Account password changes and requires biometric authentication for sensitive actions.

Timeline

  1. 12.05.2026 08:18 1 articles · 23h ago

    Apple rolls out cross-platform end-to-end encrypted RCS messaging by default in iOS 26.5

    Apple enables end-to-end encrypted RCS messaging by default for cross-platform conversations between iPhones and Android devices in iOS 26.5, with visual lock icons indicating secure sessions. The feature is supported on iPhones with compatible carriers and Android users on the latest Google Messages version. This follows the GSMA’s 2025 endorsement of E2EE for RCS messages, marking a significant expansion beyond the prior Apple-only beta implementation.

    Show sources
    Open in new tab
  2. 17.02.2026 08:44 3 articles · 2mo ago

    Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta

    Apple initially tested end-to-end encryption (E2EE) for RCS messaging in iOS and iPadOS 26.4 Developer Beta, limiting the feature to conversations between Apple devices. The encryption was based on RCS Universal Profile 3.0 using the Messaging Layer Security (MLS) protocol. The beta also introduced Memory Integrity Enforcement (MIE) for enhanced memory safety protection, allowing applications to opt in to full protections beyond the previously available Soft Mode. Additionally, Stolen Device Protection was enabled by default for all iPhone users, adding a one-hour delay before allowing Apple Account password changes and requiring biometric authentication for key security actions.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Gmail mobile client-side encryption expands to Android and iOS with native E2EE support

Google has enabled native end-to-end encryption (E2EE) for Gmail on Android and iOS mobile devices, allowing users with Enterprise Plus licenses and Assured Controls add-ons to compose, read, and send encrypted emails directly within the Gmail app without additional tools. Encrypted messages are delivered as regular emails to recipients, regardless of their email service or device, and are accessible via a web browser if the recipient lacks the Gmail app. This implementation leverages client-side encryption (CSE), where encryption keys are controlled by the organization and stored externally, ensuring Google and third parties cannot access message content, aligning with compliance requirements such as HIPAA and data sovereignty mandates. The feature is now available immediately to eligible users after administrator configuration via the Admin Console CSE interface. Administrators must enable the feature for their organizations, and users can then compose encrypted messages by selecting the "Additional encryption" option via the lock icon in the Gmail mobile app. The rollout applies to Google Workspace Enterprise Plus customers with Assured Controls or Assured Controls Plus add-ons, supporting compliance with regulatory requirements while maintaining a user-friendly experience across recipient platforms.

Open in new tab

WhatsApp introduces passkey-encrypted chat backups for iOS and Android

WhatsApp is rolling out passkey-encrypted chat backups for iOS and Android. This new feature allows users to encrypt their chat history using biometric authentication (fingerprint, face recognition) or a screen lock code. Passkeys provide enhanced security by eliminating the need for traditional passwords, reducing the risk of data breaches. The feature is being introduced globally, with a gradual rollout expected over the coming weeks and months. Users can enable this security feature through WhatsApp settings. This update builds on the existing end-to-end encrypted (E2EE) chat backups introduced in October 2021, which allow users to store and restore their messages securely.

Open in new tab

Apple increases bug bounty payouts for zero-click RCE vulnerabilities

Apple has expanded and redesigned its bug bounty program, doubling maximum payouts and adding new research categories. The highest reward is now $2 million for zero-click remote code execution (RCE) vulnerabilities, with a bonus system that can exceed $5 million. The program now includes higher payouts for various types of vulnerabilities, including one-click remote attacks, wireless proximity attacks, and unauthorized iCloud access. Apple also plans to distribute secured iPhone 17 devices to civil society organizations and researchers in 2026. The changes aim to incentivize the discovery and reporting of sophisticated security issues, particularly those exploited by mercenary spyware. The program has awarded $35 million to 800 security researchers since its inception in 2020. The expansion includes a $100,000 reward for a complete Gatekeeper bypass and a $1 million reward for broad unauthorized iCloud access. Apple's latest bug bounty announcement is a response to the growth of commercial spyware activity, with the UK’s National Cyber Security Centre (NCSC) estimating that the commercial cyber intrusion sector doubles every 10 years.

Open in new tab

Google Workspace E2EE for Gmail Extended to External Recipients

Google has expanded its end-to-end encryption (E2EE) feature for Gmail to support encrypted emails to any email service. This update allows Gmail enterprise users to send encrypted emails to recipients using any email platform. The new feature leverages client-side encryption (CSE) to ensure that data is encrypted on the client before being sent to Google's cloud storage. Recipients receive a link to view and reply to the encrypted message using a guest Google Workspace account. The rollout began in April 2025 as a beta test and is expected to reach general availability over the next two weeks.

Open in new tab