Apple and Google have finally end-to-end encrypted RCS messages between their platforms — 18 months after the FBI warned those texts are not secure. But there’s a worrying angle to the coverage that followed the upgrade. Despite what you might have read, your texts are not secure “by default.”

When WhatsApp says all messages are “end-to-end encrypted by default,” that’s true. Everything on the platform is fully secured — at least content-wise, metadata is different. It’s the same for Apple’s iMessage . “When you use iMessage, your conversations are encrypted end-to-end, so they can’t be read while they’re sent between devices.” That’s the point of those blue bubbles.

Apple has uplifted the RCS protocol on iPhone with iOS 26.5, and says “encryption is on by default.” But there’s a critical caveat. Apple also says this “will be automatically enabled over time for new and existing RCS conversations.” Right now, that’s very limited and will never be the actual default.

It’s the same with Google Messages, which uses encrypted RCS when it can but defaults to unencrypted RCS or SMS text messaging when it cannot. This fallback is much clearer in iMessage — blue versus green bubbles, but that’s complicated by RCS, which is green whether it’s fully encrypted or not. Confused? You should be. This is much more painful than it needs to be.

Apple still says “iMessage was built with privacy in mind and has always been end-to-end encrypted. It remains the best way to communicate between Apple devices.” That’s the crux. You’re still better within Apple’s walled garden, which means you’re better cross-platform on WhatsApp or similar.

The only way to deliver genuinely “default” end-to-end encryption is to have control over each of the “ends.” That means the clients or apps on your phone. That’s what Apple does with iMessage and WhatsApp does with its app. Google does this if all users in a chat have an updated version of Google Messages, otherwise it does not. The current Apple/Google update simply offers a newer network protocol as an alternative to the legacy ones. It’s for each carrier to apply the upgrade .

Until then, no, your texts between iPhone and Android are not secured “by default.”

The alternative would have been for Apple and Google to link their clients and provide a direct pathway between them, with a shared encryption protocol for those messages. This is similar to WhatsApp’s proposal to open itself up to third-party chats. Unfortunately, the opportunity for that level of deeply integrated cross-platform message encryption has now been lost.

Until then, unfortunately you’re better sticking to fully end-to-end platforms. Time will tell how complete the RCS update is carrier by carrier. But let’s not forget that the reason Google took over the RCS rollout for Android was that the global carrier ecosystem was too slow in doing the same.