Cross-platform mobile messaging between iPhone and Android has operated on SMS and MMS protocols for most of its history, standards from the 1990s that transmit content in plaintext and offer no protection against interception at the carrier layer. RCS (Rich Communication Services) was adopted by Android’s Google Messages years ago, but Apple withheld support until competitive and regulatory pressure made the delay untenable. iOS 16 introduced RCS support; iOS 26.5 and the matching Google Messages update now extend that with end-to-end encryption for iMessage-to-Android RCS conversations.

The practical result is that a text message sent from an iPhone to an Android device, and vice versa, is now encrypted in transit in a way that carrier infrastructure cannot read. This is the same protection that has long existed within iMessage-to-iMessage conversations and within WhatsApp, Signal, and other dedicated messaging platforms. The gap between platform-native secure messaging and cross-platform messaging has been a persistent friction point for privacy-conscious users, and for organisations trying to enforce messaging hygiene policies.

For businesses, the implications are concrete. Many organisations communicate with clients, candidates, or service users via SMS or carrier messaging precisely because it reaches everyone. That messaging has never been confidential at the transport layer. Encrypted RCS does not change the data that sits on the recipient’s device, nor does it address the metadata picture, but it removes one category of interception risk that affected every cross-platform message sent over a cellular network.

The rollout is not without complication. The encrypted RCS specification requires both sender and recipient to be running compatible software and to be communicating through carriers that have implemented the protocol correctly. Fallback to unencrypted channels remains possible in some configurations, and users have no reliable visual indicator distinguishing encrypted RCS from its unencrypted predecessor beyond the messaging app’s own UI signals.

There is a second privacy story running alongside the RCS rollout that deserves attention from a business perspective. Apple confirmed in January that the rebuilt Siri will use Google’s Gemini AI models for certain query types. Privacy researchers have raised questions about which queries trigger Gemini, where those conversations are processed, and whether Apple’s Private Cloud Compute guarantees apply to the Gemini-handled portion of interactions. Apple has stated it is not compromising on privacy for the sake of AI capability, but has not published technical specifics about the data handling boundary between on-device Siri and Gemini-routed queries.

For organisations that deploy Apple devices and have BYOD or mobile device management policies, the Siri-Gemini boundary is worth examining before iOS 26.5 reaches general availability. Data that a user dictates to Siri as part of a work query may route differently under the new model than under the current one, and many mobile usage policies were written assuming Siri operated entirely on-device or through Apple’s own infrastructure.

If your business needs a review of your mobile privacy posture, MDM policies, or messaging compliance position in the context of these changes, contact Excello Digital. We help organisations understand the practical privacy implications of platform changes and translate them into policy and configuration decisions.