A lock icon confirming the exchange is now protected from unauthorized access
In a moment where digital privacy has become one of the defining concerns of modern life, Apple has extended the reach of encrypted communication beyond its own walls — bridging the long-standing divide between iPhone and Android users through a quietly significant update. iOS 26.5 brings end-to-end encryption to cross-platform RCS messaging, a collaboration between two rival giants who found common cause in protecting the conversations of billions. Alongside more than fifty security patches, the release is less a dramatic announcement than a steady, deliberate act of maintenance — the kind of unglamorous work that keeps the infrastructure of daily life from quietly unraveling.
- For years, messages crossing the iPhone-to-Android divide traveled without encryption, leaving millions of conversations exposed to potential interception — a gap that iOS 26.5 now moves to close.
- The fix required Apple and Google to set aside their rivalry and co-engineer a solution through the RCS protocol, with Android users needing the latest Google Messages app for the encryption to activate.
- More than fifty security vulnerabilities have been patched in this release, including over ten WebKit flaws that could have allowed malicious web content to silently harvest sensitive user data through Safari.
- The rollout is gradual — currently in beta — meaning full protection will arrive in waves rather than all at once, leaving some users in a transitional window.
- The update lands weeks before WWDC, where iOS 27 and major Siri upgrades are expected, framing this release as both a security imperative and a bridge to a larger transformation ahead.
Apple has released iOS 26.5 with an urgent recommendation to install it promptly — and for good reason. At the heart of the update is a feature years in the making: end-to-end encryption for messages exchanged between iPhones and Android devices, finally addressing a vulnerability that has left cross-platform conversations open to interception.
The encryption travels through RCS, the modern protocol that has been steadily replacing SMS. The familiar green bubble remains — that cultural marker of the platform divide — but it now carries a lock icon, signaling that the conversation is shielded from outside access, including from Apple itself. Making this work required cooperation between Apple and Google, who recognized a shared interest in securing communication across their competing ecosystems. Android users must have the latest version of Google Messages installed; the feature is rolling out gradually through a beta phase.
The update's deeper weight lies in its security overhaul. More than fifty vulnerabilities have been patched, including over ten fixes for WebKit, the engine powering Safari. One flaw allowed maliciously crafted web content to silently expose sensitive user information — the kind of threat that can affect millions without any visible sign. Apple has offered little detail about the specifics, a standard industry practice to avoid guiding potential attackers.
Smaller additions round out the release — a Pride Luminance wallpaper, refined Apple Maps recommendations — but these feel secondary to the security work. Compatible with iPhone 11 and newer, iOS 26.5 arrives roughly two months after its predecessor and just weeks before WWDC, where iOS 27 and significant Siri upgrades are anticipated. For now, the directive is clear: update, encrypt, and patch.
Apple has released iOS 26.5, and if you care about the security of your text messages, the company is urging you to install it now. The update arrives with a feature that has been quietly requested for years: end-to-end encryption for messages sent between iPhones and Android phones, finally closing a gap that has left cross-platform conversations vulnerable to interception.
The encrypted messaging works through RCS, or Rich Communication Services, the protocol that has gradually replaced the aging SMS standard. When an iPhone user texts someone with an Android device, those messages appear in a green bubble on the sender's screen—a visual marker of the platform divide that has become something of a cultural shorthand. iOS 26.5 doesn't eliminate that green bubble, but it does something arguably more important: it adds encryption to those conversations. Users will see a lock icon next to their RCS messages with Android contacts, a small visual confirmation that the exchange is now protected from unauthorized access, including from Apple itself.
The work was a collaboration between Apple and Google, two companies that have often found themselves at odds but recognized the mutual benefit of securing cross-platform communication. For the feature to work, Android users need the latest version of Google Messages installed, while iPhone users require iOS 26.5 and a compatible carrier. The rollout is currently in beta, meaning it will expand gradually rather than arriving all at once.
Beyond messaging, the update includes other refinements. A new wallpaper called Pride Luminance offers a spectrum of refracting colors. Apple Maps has been updated to surface recommendations based on what users have searched for recently and what is trending locally. These are modest improvements, the kind that accumulate over time to shape the overall experience of using an iPhone.
But the substance of this release lies elsewhere. iOS 26.5 patches more than fifty security vulnerabilities, a significant number that speaks to the constant work required to keep a widely used operating system ahead of threats. Among the most critical are more than ten fixes for WebKit, the browser engine that powers Safari. One of these patches addresses a flaw where processing maliciously crafted web content could disclose sensitive user information—the kind of vulnerability that could affect millions of people without their knowledge. Apple has been sparse with details about what these vulnerabilities were or how they might have been exploited, a common practice in the industry to avoid giving attackers a roadmap.
The update is available for iPhone 11 and all newer models, as well as compatible iPad devices. It arrived roughly two months after iOS 26.4, which had introduced new emojis and live translation features. The timing is notable: iOS 26.5 lands less than a month before Apple's Worldwide Developers Conference, where the company is expected to announce iOS 27. That next version is rumored to include substantial upgrades to Siri, Apple's voice assistant, suggesting that the company is preparing for a more significant shift in how users interact with their devices. For now, though, the message is straightforward: update your phone, secure your cross-platform messages, and patch the vulnerabilities that could put your data at risk.
Citações Notáveis
End-to-end encryption means that the messages can't be read by unauthorised third parties—indeed, not even Apple itself—when sent between devices— Apple's announcement regarding RCS encryption
A Conversa do Hearth Outra perspectiva sobre a história
Why does the green bubble problem still exist if they've encrypted the messages?
The green bubble is a visual indicator of the protocol being used, not the encryption itself. Removing it would require Apple to change how it displays messages fundamentally, which they haven't done. The lock icon is their way of saying: yes, it's still green, but now it's secure.
So Google and Apple worked together on this. That's unusual, isn't it?
It is. But they both benefit from it. Apple gets to offer users something they've been asking for. Google gets to improve Android security. And both companies benefit from the narrative that they're taking privacy seriously.
What about those fifty security patches? Are we talking about serious threats?
The WebKit fixes suggest yes. A flaw that lets malicious web content steal sensitive information—that's not theoretical. That's the kind of thing that could affect millions of people without them knowing they were ever at risk.
Why is Apple so quiet about what these vulnerabilities actually were?
Disclosure is a balance. Tell people too much and you give attackers a blueprint. Tell them too little and they don't understand why they should care. Apple tends toward the latter.
This update comes right before WWDC. Is that a coincidence?
Probably not. You want your security house in order before you announce the next big thing. iOS 27 with Siri upgrades is coming, and they want users on a solid foundation first.