iOS 26.5 RC's RCS leaks message metadata despite end-to-end content encryption

RCS is the texting system Apple uses for iPhone-to-Android chats when iMessage is not available. In iOS 26.5 RC, Apple finally turns on end-to-end encryption for those RC(9to5mac.com)story until now. But the catch is simple: encrypted content is not the same thing as invisible messaging. The words, photos, and files can be protected, while some of the surrounding delivery data still is not. (9to5mac.com) ### What actually changed? Apple confirmed in the iOS 26.5 RC release notes that Me(smartphones.gadgethacks.com). That means this is not just a rumor from a beta build anymore — it is an announced shipping feature, though still labeled beta. (9to5mac.com) ### Why wasn’t RCS already encrypted? Because Apple’s first RCS rollout in iOS 18 used an older version of the standard. That version brought nicer texting features — read receipts, typing indicators, better media — but not interoperable encryption between iPh(9to5mac.com) whole path. (gsma.com) ### What does the new standard protect? The GSMA’s newer RCS encryption spec uses MLS — Messaging Layer Security — to protect message content and other user-provided content such as files. Basically, the payloa(9to5mac.com)ade Apple is now plugging into Messages. (gsma.com) ### So what still leaks? Metadata. That usually means the envelope, not the letter — who is talking, when messages are sent, which device or service endpoint is involved, and other routing details needed(gsma.com)somewhere. The GSMA material describes protection for content, not total concealment of communication metadata. (gsma.com) ### Is that unusual? Not really. Even highly private systems have to make tradeoffs around metadata. Apple’s o(gsma.com)structure. Signal is famous partly because it tries to reduce metadata exposure further with features like Sealed Sender — and even there, the recipient still has to be knowable for delivery. (support.apple.com) ### Does every RCS chat get this protection? No. Gadget Hacks notes the protection applies only when the Android side uses a client t(gsma.com) RCS conversation may look similar to users, but they are not always the same thing under the hood. (9to5mac.com) ### Why does that matter for users? Because “RCS is encrypted now” is true only with an asterisk. If a carrier has not rolled it out, if the other app does not support the standard, or if a conversation falls back to another path, (support.apple.com)encrypted” and assume Signal-level coverage for everything around the message too. (9to5mac.com) ### Bottom line? iOS 26.5 fixes the biggest old problem with iPhone-to-Android RCS: unencrypted message content. But it does not make cross-platform texting magically private in e(9to5mac.com)ge was sent. (9to5mac.com)