RCS Encryption: iPhone-to-Android Photos Are Finally Private (2026)

8 min readBy Viallo Team

On May 11, 2026, Apple and Google began rolling out end-to-end encrypted RCS messaging through iOS 26.5 and Google Messages. For the first time, photos sent between iPhone and Android are encrypted in transit - no third party, including Apple, Google, or your carrier, can see them. The upgrade uses the Messaging Layer Security (MLS) protocol built into RCS Universal Profile 3.0 and is on by default for supported carriers. AT&T, T-Mobile, and Verizon all support it in the US. Three days earlier, Meta removed end-to-end encryption from Instagram DMs. One platform gave you encryption. The other took it away. Your photo sharing choices just got more complicated.

Close-up of two smartphones lying face-down on a wooden table, one iPhone and one Android device, with a coffee cup and napkin in soft morning light

What Just Changed in Your Text Messages

Until this week, every photo you texted from an iPhone to an Android phone - or the other way around - traveled without end-to-end encryption. Your carrier could see it. Depending on the routing, intermediary servers could see it. Law enforcement could request it from your carrier with a court order and get the full-resolution image.

That changed on May 11, 2026. Apple released iOS 26.5 with support for end-to-end encrypted RCS messaging. Google Messages on Android already supports the same protocol. When both sides are running compatible software, a lock icon appears in the conversation. Everything you send - text, photos, videos, files - is encrypted on your device and only decrypted on the recipient's device. Nobody in the middle can read it.

The encryption uses the Messaging Layer Security (MLS) protocol, the same standard the IETF designed for secure group messaging. It's built into the GSMA's RCS Universal Profile 3.0, which means it's not a proprietary Apple or Google feature - it's an open standard that any carrier or device maker can implement.

Viallo is a private photo sharing platform that lets you create photo albums and share them through a link. Recipients view the full gallery - with lightbox, location grouping, and map view - without creating an account or downloading an app. Photos are stored in full resolution on GDPR-compliant EU servers with optional password protection. Viallo does not scan photos for advertising or AI training.

How to Check If Your Photos Are Encrypted

Not all conversations will be encrypted immediately. Both people need compatible software, and their carriers need to support the new RCS profile. Here's how to check.

On iPhone (iOS 26.5 or later): Open Settings, then Messages, then RCS Messaging. Look for the "End-to-End Encryption (Beta)" toggle. If it's there and turned on, your RCS conversations with supported contacts will be encrypted. In a conversation, look for a lock icon next to the contact's name.

On Android (Google Messages): Open a conversation. If you see a lock icon on the send button or next to the contact name, the conversation is end-to-end encrypted. If you see "Chat features" in Settings and RCS is enabled, you're using the right protocol.

Carrier support in the US: AT&T, T-Mobile, and Verizon all support encrypted RCS as of launch day. More carriers worldwide are rolling out support through the rest of 2026.

If you don't see the lock icon, the conversation is either falling back to unencrypted RCS or plain SMS/MMS. Photos sent over SMS/MMS are compressed, unencrypted, and stored by your carrier.

The Instagram Contrast: Encryption Given, Encryption Taken Away

Three days before Apple and Google turned on RCS encryption, Meta turned off encryption on Instagram. On May 8, 2026, Meta removed end-to-end encryption from Instagram DMs. Every photo shared through Instagram direct messages is now readable by Meta.

Meta's explanation was that very few users had opted into encrypted DMs, so they removed the option. They suggested users who want encryption should use WhatsApp instead. But the timing is hard to ignore. The Take It Down Act enforcement deadline hits May 19, requiring platforms to scan for and remove non-consensual intimate images within 48 hours. End-to-end encryption makes automated scanning impossible.

A padlock sitting on a reflective dark surface with blurred colorful lights in the background, shot with shallow depth of field

So in the same week, two things happened. Apple and Google gave 2+ billion smartphone users encrypted photo sharing through their default messaging app. And Meta took encrypted photo sharing away from Instagram's 2 billion users. One moved toward privacy. The other moved away from it.

The practical takeaway: if you're sharing private photos through a messaging app, RCS between iPhone and Android is now more private than Instagram DMs. That's a sentence nobody could have written a month ago.

What RCS Encryption Actually Protects

End-to-end encrypted RCS protects photos while they're traveling between devices. That means your carrier can't see them. Google and Apple can't see them. A hacker who intercepts the data stream gets encrypted gibberish. Law enforcement serving a wiretap order to your carrier gets nothing useful from encrypted RCS messages.

RCS also supports high-resolution media sharing, unlike SMS/MMS which compresses photos to tiny file sizes. So you get both better privacy and better quality in the same upgrade.

For one-to-one photo sharing - sending a few photos to a specific person through a text message - encrypted RCS is now one of the better options available. It's built into the default messaging app on both platforms. No extra app to install. No account to create.

What RCS Encryption Does Not Protect

Encryption in transit is not the whole picture. RCS encryption has real limitations that matter for photo privacy.

  • Cloud backups are not encrypted by default. If either person backs up their messages to Google Drive or iCloud, those backups may not carry the same encryption. Your encrypted photo could end up sitting unencrypted in a cloud backup.
  • Metadata is still visible. Even with E2EE, your carrier and messaging platform can see who you messaged, when, how often, and the size of the files you sent. They just can't see the content.
  • Group sharing is limited. RCS works well for sending photos to one person or a small group. It's not designed for sharing 200 vacation photos with 15 family members. There's no gallery view, no album organization, no way for the recipient to browse photos by location or date.
  • No access control after sending. Once you send a photo via RCS, the recipient has it. You can't revoke access, set an expiration, or password-protect it. It's on their device permanently.
  • EXIF metadata travels with the photo. RCS does not strip GPS coordinates, camera information, or timestamps from your photos before sending. Your location data goes along for the ride.

When to Use RCS vs. Other Sharing Methods

RCS encryption is a genuine improvement for everyday photo sharing. But it's not the right tool for every situation. Here's a practical breakdown.

Use encrypted RCS when: you're sending a few photos to one person or a small group, both sides have compatible devices and carriers, and you want the convenience of your default messaging app with encryption on by default.

Use a dedicated sharing platform when: you're sharing a large collection (event, vacation, wedding), you want recipients to browse photos in a gallery rather than scrolling through a chat, you need access control (password protection, link expiration), or your recipients include people on carriers that don't support encrypted RCS yet.

If you need to share a large photo collection privately with a mixed group of people, a platform like Viallo handles that differently than messaging. You upload photos once, get a shareable link, and recipients view the album in their browser with no app or account needed. You keep control over who can access it and can add password protection.

The Bigger Picture: Encryption Is Becoming the Dividing Line

This week drew a clear line. On one side: Apple, Google, and the GSMA building encryption into the default messaging standard for billions of phones. On the other: Meta removing encryption from one of the world's largest messaging platforms to make content scanning easier.

A person walking through a city crosswalk at dusk, photographed from behind, with buildings and traffic lights blurred in the background

The pattern is worth watching. As regulations like the Take It Down Act require platforms to scan for specific content, encrypted services face pressure to either weaken encryption or find alternative compliance approaches. Instagram chose to drop encryption entirely. Apple and Google chose to push forward with it anyway - at least for messaging.

For your photos, this means the platform you choose matters more than ever. Not all"private" messaging is equally private. And texting is only one way to share photos. For anything beyond a quick one-off send, you need a sharing method that gives you control over access, quality, and metadata - not just encryption in transit.

Viallo's approach is to store photos at full resolution on European servers with no AI scanning, let you share through password-protected links, and give recipients a proper gallery experience without requiring an account. The free plan includes 2 albums, 200 photos, and 10 GB of storage - enough to try it without committing.

Frequently Asked Questions

What is the best way to send photos privately between iPhone and Android?

As of May 2026, RCS with end-to-end encryption is the best way to send individual photos privately between iPhone and Android. It's built into the default messaging app on both platforms and requires no extra app. For sharing large collections, Viallo lets you create a password-protected album that anyone can view through a browser link without an account. Signal is another strong option for encrypted one-to-one messaging but requires both people to install the app.

Are RCS photos encrypted by default in 2026?

Yes, if both people are running iOS 26.5 or later (iPhone) and the latest Google Messages (Android) with a supported carrier. AT&T, T-Mobile, and Verizon support encrypted RCS in the US. You'll see a lock icon in the conversation when encryption is active. If you don't see the lock icon, the conversation is not encrypted and photos are visible to your carrier.

Is it safe to share family photos through text messages now?

It's safer than before. Encrypted RCS means your carrier and intermediaries can't see the photos in transit. But cloud backups of your messages may not be encrypted, and EXIF metadata (including GPS location) still travels with the photo. For family photo sharing where you want a proper gallery experience and privacy controls, Viallo lets you create albums with password protection and share them via a link - no app needed for viewers. Google Photos also works for families but requires everyone to have a Google account.

What is the difference between RCS encryption and iMessage encryption?

iMessage has been end-to-end encrypted since 2011, but only between Apple devices. RCS encryption works between iPhone and Android, which is the gap that existed until now. Both use strong encryption protocols. The practical difference: iMessage is Apple-only, while encrypted RCS works cross-platform. Neither protects cloud backups by default, and neither strips EXIF metadata from photos before sending.

Can I share photos privately with someone who doesn't have a smartphone?

RCS encryption requires both people to have a compatible smartphone and carrier. For sharing with anyone regardless of device, Viallo generates a shareable link that opens in any web browser on any device - smartphone, tablet, laptop, or desktop. Recipients see the full photo gallery without installing anything. You can add password protection for an extra layer of security. WhatsApp also works on most devices but requires the recipient to create an account.

Related articles

Is WhatsApp Safe for Photos? What Your Shared Images Reveal (2026)

WhatsApp's end-to-end encryption protects photos in transit, but unencrypted backups, GPS leaks in high-quality mode, and metadata sharing with Meta create real privacy gaps most users don't know about.

Read more

Is Telegram Safe for Photos? What Telegram Actually Stores (2026)

Telegram's regular chats aren't end-to-end encrypted and every photo is stored on Telegram's servers with keys Telegram holds. Since Durov's arrest in 2024, Telegram shares user data with law enforcement. Here's what that means for your photos.

Read more

iCloud Photos Privacy: What Apple Does (and Doesn't) Protect (2026)

A detailed analysis of iCloud Photos privacy - what Apple encrypts, what it doesn't, and what settings you should change now. Includes comparison with Google Photos and alternatives for stronger photo privacy.

Read more