iOS 26.5 RCS encryption finally closes the green-bubble gap

UPDATED · News · 11 May 2026 · MTW News Desk

iOS 26.5 RCS encryption is the May 11 2026 story that finally closes the green-bubble security gap. Apple announced that end-to-end encrypted RCS messaging has begun rolling out in beta for iPhone users on iOS 26.5 and Android users on the latest Google Messages.

Why iOS 26.5 RCS encryption matters for UK iPhone users

For nearly two years, RCS on the iPhone shipped without the one feature that actually mattered, end-to-end encryption. iOS 18.1 turned on RCS in late 2024, but every message between an iPhone and an Android device travelled over carrier infrastructure that the carriers, in theory, could read. iOS 26.5 RCS encryption fixes that, and it does so with the same Messages Layer Security (MLS) primitive Google has been shipping in beta since iOS 26.4. The lock icon in a thread is the user-visible signal that a conversation has bootstrapped a shared encrypted session between Apple’s stack and Google Messages.

UK readers have followed this story through Apple’s earlier rollouts. We covered the iOS 26.5 beta when Apple first re-enabled RCS encryption testing, and the underlying interoperability problem has been the backdrop to Samsung’s AirDrop interop announcements. Apple’s framing is careful, the company still calls iMessage its most secure messaging product, but iOS 26.5 RCS encryption stops the green-bubble thread from being a security liability.

How iOS 26.5 RCS encryption actually works

The mechanic is straightforward once you ignore the marketing. When two users on supported carriers exchange an RCS message under iOS 26.5 and the latest Google Messages, the clients negotiate a Messages Layer Security session using the GSMA’s universal RCS profile. The carrier can route packets but cannot read content. Apple is explicit that encryption is on by default and that both sender and receiver carriers must support the latest RCS profile for the lock to appear. There is a toggle in Settings, Messages, RCS Messaging, but most iPhone owners will simply see the lock icon appear in active threads.

The carrier dependency is the catch UK users will notice. iOS 26.5 RCS encryption requires that both ends of the conversation use carriers running the new profile, and Apple has been deliberately vague about which networks qualify outside the US launch list. EE, O2, Three and Vodafone all support standard RCS in the UK, but compliance with the GSMA MLS profile is a separate certification step. Apple’s support page promises a worldwide carrier list and indicates the rollout will be gradual over the coming months. Expect UK networks to land later in 2026 rather than on day one.

Everything else inside iOS 26.5 worth knowing

iOS 26.5 RCS encryption is the headline, but the wider release is a tidy point update that quietly hardens the platform. The 50+ security patches alone justify installing now, particularly given the kernel and WebKit fixes Apple flagged. The new Pride Luminance wallpaper continues a tradition that started with iOS 7, this year the design refracts colour dynamically as the iPhone is moved. The Maps app picks up Suggested Places, a recommendations layer that pulls from recent searches and trending stops nearby.

The most interesting EU-specific change is Live Activities on third-party wearables. Compliance with the Digital Markets Act is forcing Apple to open APIs that previously only AirPods and the Apple Watch could use, including proximity pairing for third-party earbuds. UK users will not get this in 2026 because Brexit pulled the country out of EU competition rules, but the precedent matters for the iPhone 17 Pro versus Pixel 10 Pro debate, where third-party wearable parity changes the calculus.

What UK iPhone owners should watch next

The thing to track is which UK carrier flips the encryption switch first. Apple’s documentation says iOS 26.5 RCS encryption requires both ends to be on a supported network running the latest RCS profile, which means a Vodafone customer texting an EE Pixel owner could see the lock today, tomorrow, or in three months depending on which carrier finishes certification. Watch for the lock icon. If it appears, the conversation is secure. If it does not, your messages are still travelling over the same RCS pipe you were already using, which is fine for daily chat but not what privacy-sensitive readers expect.

The longer-term context is that Apple has now removed every meaningful technical argument for sticking with iMessage on iPhone-to-Android conversations. That said, iMessage retains features RCS still does not, such as cross-device handoff, Apple-grade group management and reactions that survive translation to Android. The cross-platform encrypted RCS thread is now good enough for sensitive content, which alone is a quiet win. Apple’s stance, echoed in the announcement, is that iMessage stays the recommended default inside Apple’s ecosystem and RCS becomes the secure fallback for everything else. The iOS 26.4.2 emergency security patch from earlier this year is a reminder that Apple’s pace of security shipping has accelerated, and 26.5 fits that pattern.