Mixing Signals: Confusing Security of RCS and iMessage

The Green Bubble / Blue Bubble War is almost over – but after a dramatic year of mobile updates, it’s time to take a closer look at messaging security. ? ?

2024 was supposed to be the year of united texting across platforms and increased security, but instead of becoming simpler, the encryption curveballs are making things harder to understand. Earlier last year Apple decided to officially support RCS (Rich Communication Services), which simply put, brings more iMessage-like texting features to messaging between Android and iPhone users – allowing messages to be sent over WiFi instead of cell towers, and allowing for group chat controls, and emoji reactions. With this new standard comes new security enhancements as well. Although RCS is nothing new, it bridged a much-needed gap between device platforms in the United States.??

In Europe, approximately 90% of people prefer external messaging apps like WhatsApp or Signal for communication, while in the US, only about 30% of users rely on such apps. Instead, the vast majority stick to their phone's default messaging apps. The introduction of RCS to iMessage was expected to address a major security gap by replacing SMS—a notoriously insecure protocol—with a more modern and secure alternative. However, the reality is more complicated. As of now, Apple’s implementation of RCS lacks end-to-end encryption, leaving messages vulnerable. Only messages sent through Apple’s proprietary iMessage platform remain fully encrypted, creating a patchwork approach to messaging security. End-to-end encryption (E2EE) is the gold standard of messaging security because it ensures that only the sender and recipient can read the messages—no one in between, not even the platform provider, can access the content. While iMessage and some RCS implementations on Android offer E2EE, the version Apple is supporting for cross-platform communication notably leaves this protection out.?

This oversight creates a major security concern. Messages sent using this watered-down version of RCS are vulnerable to interception. Without encryption, sensitive information like passwords, personal details, or financial data could potentially be exposed if the network is compromised. Worse yet, users may not even realize their messages are unprotected, believing the "green bubble/blue bubble" gap has been closed without understanding the fine print.?

Why Secure Messaging Matters—Especially for Business?

The lack of consistent end-to-end encryption isn't just a tech issue; it's a critical problem for businesses and professionals. Sensitive conversations are often conducted over messaging apps, whether it’s sharing project updates, client details, or internal plans. Unencrypted messaging apps open the door to potential data breaches, which can result in financial loss, reputational damage, or even legal consequences.?

To mitigate these risks, businesses and individuals should prioritize secure messaging apps that provide E2EE as a standard feature. Platforms like Slack, Microsoft Teams, and WhatsApp offer varying levels of encryption and administrative controls tailored for professional and sensitive communications. Additionally, apps like Signal and Wire are designed specifically with privacy in mind, making them excellent choices for those prioritizing security.?See our full blog for more information.