Do not let your messages leak.
getty
Updated on Jan. 16 with reports into Apple’s new messaging change for iPhone.
It’s all change for text messaging. The surprise news that Apple may add fully encrypted texting to iMessage as soon as with its next update fixes its biggest security gap. All eyes now on iOS 26.3 to see what is released and how quickly carriers enable it.
This is critical because U.S. federal agencies repeatedly warn that texting without the protection of end-to-end encryption is not recommended. Apple’s update — and the same from Google — will bring cross-platform, WhatsApp-like security to the stock messaging apps on Android and iPhone for the first time.
But even if you are using WhatsApp or Signal or another fully encrypted over-the-top messaging app as your default, those federal agencies still have advice for you. Some of this should be self-evident. But at least one recommendation may surprise you. And it rules out Apple’s new update, even if the encryption issue is finally fixed.
ForbesHundreds Of Millions Of iPhones Must Reboot Now—Are You Affected?By Zak Doffman
“Avoid scanning group-invitation links or QR codes from unknown sources,” America’s cyber defense agency says. CISA’s warning will resonate now, given Iranian hackers have just been caught attacking foreign citizens using this tactic.
Similarly, you should “remain suspicious of unexpected security alert messages,” you should also check for and remove any unrecognized linked devices, and you must never share any security codes texted to your phone.
But CISA also says “enable message expiration features to automatically delete sensitive messages after a set period.” This so-called disappearing message feature is available on WhatsApp and Signal and Facebook Messenger. All of which are fully encrypted.
There is no such option in Apple’s iMessage, and while you can do this from within Google’s app, unless iMessage adds the same then it doesn’t provide a full solution.
Disappearing messages is a controversial topic, especially within a work or regulated context. But it’s now increasingly popular. If you don’t use it, a record of everything you say will remain on your phone and all recipients phones — potentially forever.
While CISA’s warning to delete sensitive messages refers specifically to the expiring or disappearing message feature in apps such as WhatsApp and Signal, there is an even more critical aspect to this that needs to change.
Not only does Apple not offer expiring messages within iMessage, but even the option to delete and “unsend” texts sent in error is very limited. As expectation widens that Apple may now upgrade RCS, perhaps with its imminent iOS 26.3, this needs to change.
ForbesGoogle Starts Scanning Your Photos For People And Places—Decision TimeBy Zak Doffman
Whether Apple decides to expand its limited unsend option to RCS messages is critical. It’s in the protocol and can be done. But Apple says “to unsend or edit text messages, you must be using iMessage with iOS 16, iPadOS 16.1, macOS 13, visionOS 1, or later.”
That means, specifically, “SMS, MMS, or RCS text messages can’t be edited or unsent. It’s arguably more important to change that specific sensitive message setting as the broader expiration for all messages. Ideally, Apple matches Google and now adds both.
Don’t hold your breath. This will all take time to land. As Android Authority points out, while it’s now clear that “Apple is working on end-to-end encryption for RCS in iOS 26.3 Beta 2,” it seems that “only four carriers (all residing outside of the U.S.) have this line of code, and none of them have flipped the switch yet.”