Apples new security update comes with a catch.AFP via Getty ImagesTiming really is everything. Apple has just confirmed one of iPhones longest awaited security upgrades, plugging a major weakness and expected to come with iOS 19 this fall. This should be good news for millions of users. But dont get too excited. In reality the timing could not be worse, and thats very bad news for users.Apple has confirmed that its finally extending iMessage encryption to include chats between iPhones and Android users kind of. Whats actually happening is the mobile standards setter (GSMA) is updating its RCS protocol and both Apple and Google have confirmed theyll adopt this. It brings a raft of improvements to messaging, but the headline is cross-platform end-to-end encryption coming to RCS.When the FBI and Americas cyber defense agency warned iPhone and Android users to stop texting after Chinese hackers were caught marauding through U.S. networks, their advice was simple only use fully encrypted messaging. The hackers were pulling metadata and even some content. Encryption is your friend. we were all told.Yet just a few weeks later, were talking about encryption for very different reasons. The U.K. is reportedly ensconced in private talks with U.S. officials after its secret/not secret demands (under appeal) for Apple to build a backdoor into everyones data. Meanwhile, France (rejected for now) and Sweden are pushing for legislation to access secure messaging, ahead of the lingering risk that the entire European Union does the same. This is much wider than just messaging, it impacts the core iPhone proposition itself.And before my American readers reach for the popcorn, assuming all this is far from home, the FBI has confirmed that it wants the same, lawful access, and the proposed STOP CSAM bill would, per EFFs warning, endanger encrypted messages.Upgrading iPhones to securely message Androids is still a game-changer. It will be the first time we have had fully secure stock messaging between platforms. Its also a huge technical milestone, the first large-scale messaging service to support interoperable E2EE between client implementations from different providers, says GSMA.And while on the surface it doesnt add anything WhatsApp and other over-the-tops dont already provide, in reality it should be the final expansion of fully secured messaging across the mainstream. This is especially important in the U.S., where iMessage and texting more generally remains a holdout to the likes of WhatsApp.Its also significant because for Apple in particular, it changes the major reason why iMessage has been a walled garden differentiator, notwithstanding regulatory pressure for this to change in the U.S. and Europe. Not only does RCS 3.0 finally secure content, it also adds a range of other features that should make it as usable as iMessage.But there are genuinely dark clouds on the horizon. The encryption battleground is now an emergency for us all, EFF warns, and as privacy advocate Naomi Brockwell puts it, we need privacy, not because our actions are questionable, but because your intentions are. That perfectly sums it up.There are two parallel issues. First, messaging itself under pressure from legislators to access dark content by any means possible, or to push platforms to regulate meaning theyd have to do the same. And second, with encrypted backups under pressure, the cloud-based architectures deployed to sync messages cross device, to restore content to new devices, and to backup content also enables lawful access via those backups. This is the implication from Apples decision to remove encrypted iCloud backups in the U.K., and while Google was quick to confirm its own encryption, it has not denied receiving a similar backdoor mandate from the U.K. government.And so while Apples upgrade is still very welcome and certainly addresses the transmission security weaknesses in SMS and current RCS that was highlighted by Salt Typhoon, its not the unambiguous privacy victory it should have been. The landscape has suddenly changed and it may already be too late to deliver whats been promised.