For years, the green bubble versus blue bubble divide has been more than a cosmetic annoyance — it has represented a genuine security gap between iPhone and Android users. That gap is now closing, but the road to full end-to-end encryption across platforms is proving to be neither quick nor simple. The GSM Association’s recent publication of updated Rich Communication Services (RCS) specifications, known as RCS Universal Profile 3.0, marks a significant technical milestone: for the first time, cross-platform encrypted messaging between Apple’s iMessage infrastructure and Google’s Messages app has a formal standard to follow.
The announcement, which arrived in mid-March 2025, drew immediate attention from privacy advocates, telecom analysts, and the tech press alike. As Android Police reported, the GSMA’s new specification incorporates the Messaging Layer Security (MLS) protocol to provide end-to-end encryption (E2EE) for RCS messages sent between Android and iOS devices. This means that, on paper, texts exchanged between the two platforms will eventually be protected from interception — not just by hackers, but also by carriers and the platform providers themselves.
A Long Road From Green Bubbles to Encrypted Cross-Platform Messaging
The friction between Apple and Google over messaging standards has a long and public history. Google spent years publicly pressuring Apple to adopt RCS, launching campaigns and open letters urging the iPhone maker to move beyond the aging SMS and MMS protocols that governed cross-platform texts. Apple, for its part, was slow to act. The company’s iMessage service already offered end-to-end encryption for messages between Apple devices, and critics argued that the company had little commercial incentive to improve the experience for users texting Android contacts.
Apple finally added RCS support to iPhones with the release of iOS 18 in September 2024. However, that initial implementation came without end-to-end encryption, meaning that while RCS messages between iPhones and Android phones gained features like higher-resolution media sharing, typing indicators, and read receipts, the actual content of those messages was not encrypted in the same way iMessage-to-iMessage conversations were. The security gap persisted, just in a new form.
What the New GSMA Standard Actually Specifies
The RCS Universal Profile 3.0 specification addresses this shortcoming directly. According to the GSMA, the updated standard uses the MLS protocol — an IETF standard designed for group and one-to-one encrypted messaging — to layer E2EE on top of RCS. This is significant because previous attempts at encrypting RCS were fragmented; Google had implemented its own proprietary encryption for Google Messages-to-Google Messages conversations, but there was no interoperable standard that worked across different apps and operating systems.
Tom Van Pelt, Technical Director of the GSMA, was quoted in the organization’s announcement stating that the new specifications define how to apply MLS within the context of RCS. The protocol ensures that messages, files, and other content shared between users are encrypted on the sending device and can only be decrypted on the receiving device. Neither carriers nor intermediary servers can read the message contents in transit. Apple, in a statement reported by multiple outlets, confirmed that it would add support for end-to-end encrypted RCS messaging in future software updates across iOS, iPadOS, macOS, and watchOS.
Google’s Head Start and Apple’s Catch-Up
Google has been vocal about its support for the updated standard. The company already offers E2EE within its own Messages app for conversations between two Google Messages users, a feature it rolled out progressively starting in 2021. With the new GSMA specification, Google has signaled that it intends to extend that encryption to cross-platform RCS conversations as soon as Apple implements the standard on its end. As Android Police noted, Google’s Elmar Weber stated that the company would move quickly to deploy MLS-based E2EE for cross-platform messaging.
The timing, however, remains uncertain. Apple’s statement committed to adding the feature in “future software updates” without specifying a version number or release window. Industry observers have speculated that the earliest possible implementation could arrive with iOS 19, expected in the fall of 2025, but Apple has not confirmed this timeline. The gap between the publication of a standard and its deployment in shipping software can be substantial, particularly when it involves coordination between two companies with historically adversarial positions on messaging.
Why MLS Was Chosen Over Other Encryption Protocols
The choice of MLS as the underlying encryption protocol is itself noteworthy. MLS was developed through the Internet Engineering Task Force (IETF) and finalized as RFC 9420 in 2023. It was designed specifically to handle the complexities of encrypted group messaging at scale — a problem that older protocols like Signal’s Double Ratchet algorithm handle well for one-to-one conversations but that becomes computationally expensive in large groups. MLS uses a tree-based key structure that allows group members to be added or removed efficiently without requiring a complete renegotiation of encryption keys.
For RCS, which must function across a wide variety of devices, carriers, and network conditions, MLS offers practical advantages. It supports asynchronous messaging — meaning a message can be encrypted and sent even if the recipient’s device is offline — and it scales well to group conversations. The protocol’s flexibility also means that different implementations can coexist, as long as they conform to the same standard. This interoperability is precisely what was missing from earlier, proprietary approaches to RCS encryption.
The Regulatory Pressure Behind the Scenes
The push toward encrypted cross-platform messaging did not happen in a vacuum. Regulatory pressure, particularly in the European Union, has been a factor. The EU’s Digital Markets Act (DMA), which took effect in 2024, includes provisions requiring designated “gatekeeper” platforms to ensure interoperability with third-party messaging services. While the DMA’s messaging interoperability requirements have primarily been directed at Meta’s WhatsApp and Facebook Messenger, the broader regulatory environment has created incentives for all major messaging platforms to adopt open, interoperable encryption standards.
In the United States, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) made headlines in late 2024 when they publicly recommended that Americans use encrypted messaging apps in the wake of the Salt Typhoon cyberattack, which compromised major U.S. telecom networks. That advisory underscored the vulnerability of unencrypted text messages — including standard RCS messages — to state-sponsored surveillance. The incident added urgency to the effort to bring E2EE to the broadest possible base of mobile users, not just those who proactively download apps like Signal or WhatsApp.
What This Means for Users — and What It Doesn’t
For the average consumer, the practical impact of the GSMA’s announcement will not be felt until both Apple and Google ship software updates that implement the new standard. When that happens, the roughly 2.5 billion active RCS users worldwide — a figure cited by the GSMA — will gain a level of default encryption that currently only exists within closed platforms like iMessage, WhatsApp, and Signal. The green bubble will still be green, but the conversation inside it will be far more private.
However, there are important caveats. End-to-end encryption protects message content in transit, but it does not prevent a recipient from sharing or screenshotting a conversation. It also does not address metadata — information about who is messaging whom, when, and how often — which can be nearly as revealing as message content itself. The GSMA specification does not appear to mandate metadata protection, and carriers will likely continue to have access to at least some metadata for billing and regulatory compliance purposes.
The Competitive Dynamics That Still Linger
There is also the question of whether Apple will implement the standard in a way that truly levels the playing field, or whether it will find ways to maintain differentiation for iMessage. Apple’s business model benefits from the perception that its devices offer a superior, more private communication experience. If cross-platform RCS messages become as secure as iMessage conversations, one of the implicit arguments for staying within the Apple ecosystem weakens. Some analysts have suggested that Apple may introduce additional iMessage-exclusive features to maintain that differentiation, even as it complies with the new RCS standard.
Google, for its part, has every incentive to push for rapid and complete implementation. The company has long argued that Apple’s reluctance to adopt open messaging standards was a deliberate strategy to disadvantage Android users and reinforce iPhone lock-in, particularly among younger demographics in the United States where iMessage dominance is most pronounced. With the GSMA standard now published, Google can point to a concrete, industry-backed specification and press Apple to deliver on its stated commitment.
A Standard Published Is Not a Standard Deployed
The publication of RCS Universal Profile 3.0 is a necessary but not sufficient step toward truly private cross-platform messaging. The hard work of implementation, testing, carrier certification, and software deployment lies ahead. History suggests that this process will take months, not weeks, and that the initial rollout may be uneven across regions, carriers, and device models. But the direction of travel is now clear: the era of unencrypted default messaging between the world’s two dominant mobile platforms is drawing to a close. The question is no longer whether it will happen, but how long users will have to wait — and how much of the fine print will matter once it does.
WebProNews is an iEntry Publication