Understanding & Using Last-Mile Encryption For iPhone
⚠️ Feature Status Update — May 2026
- Last-Mile Encryption (LME) is no longer available to new users effective May 2026.
- Customers who are currently opted in will retain access. However, if they disable the feature at any point, they will not be able to re-enable it.
- An official sunset date for legacy users is to be determined. Further updates will be shared as they become available.
|
|
|
|
Last-Mile Encryption is a defense-in-depth security feature that allows you to route standard SMS and MMS messages through the secure Cape app. This feature protects sensitive communications (like 2FA codes), obscures metadata from cellular towers, and fixes common issues with "Green Bubble" group chats on iOS.
Why use Last-Mile Encryption?
Standard SMS/MMS are not end-to-end encrypted. They are vulnerable to interception by rogue base stations, compromised femtocells, or signaling attacks.
Enabling this feature provides three layers of protection:
- Encryption in Transit: We encrypt your SMS/MMS upon receipt at our core network and deliver them securely through the Cape app (similar to how we handle Encrypted Voicemail). Even if the data is intercepted between Cape and your phone, it is unreadable without the private key stored on your device.
- Metadata Obfuscation: We hide key metadata via SIP encryption. This prevents infrastructure partners (cell towers) from scanning traffic to obtain your device ID (IMEI) or seeing who you are texting.
- Anti-De-Threading: Prevents "Green Bubble" group chats from being broken up into individual messages by iOS.
Note: This feature only applies to SMS/MMS (Green Bubbles). Regular iMessages (Blue Bubbles) will always remain in your Apple Messages app, as they are already end-to-end encrypted by Apple.
How to Enable the Feature
Step 1: Opt-in via Cape App
- Open the Cape App.
- Go to Account → Features → Experimental Features → Last-Mile Encrypted Texting.
- Select Enable.
Step 2: Update APN Settings (Mandatory)
For Group MMS to route correctly to the Cape app, you must manually update your connection settings.
- Go to iPhone Settings → Cellular → Cape eSIM → Cellular Data Network.
- Turn OFF the toggle for "Use Carrier Settings" (if enabled).
- Update the following fields:
Configuration Options
When enabling Last-Mile Encryption, you can choose how much traffic you want to route to the secure Cape Inbox.
| Routing Option | Behavior |
|---|---|
| Enable All |
All non-iMessage SMS and MMS (Green Bubbles) are encrypted and delivered to the Cape App. Best for maximum security of 2FA codes and personal privacy. |
| Enable Just for Group MMS |
Only Group Messages containing non-iPhone users are routed to the Cape App to prevent de-threading. Single SMS messages (like 2FA codes or 1-on-1 texts) will still go to your native Apple Messages app unencrypted. |
Auto-Delete Settings
For increased hygiene and security, you can configure the Cape App to automatically delete messages after a set period.
- Options: 1 day, 7 days, or 30 days (Default).
- Location: Configure this in Messages → Settings (3 dots) → Manage settings.
How Messaging Works
Inbound Messages (Receiving)
Depending on your settings, messages will arrive in the "Messages" tab within the Cape App.
Outbound Messages (Sending)
You have flexibility when sending messages:
- From Cape App: You can compose and reply to messages directly in the Cape App.
- From Native App: You can still initiate texts from the native Apple Messages app. However, the replies (Inbound) will route back to the Cape App if encryption is enabled.
Tip: We recommend checking the Cape App for the full conversation history if you switch between apps.
Secondary Numbers
If you have Secondary Numbers on your Cape account, Last-Mile Encryption is applied to them automatically. All SMS/MMS for secondary numbers will always appear in the Cape App inbox.