MMS messaging is a store and forward protocol similar to SMS. Native MMS protocols leverage both HTTP and SMTP to exchange messages and therefore supports the same set of encryption standards (for example, TLS) for data in transit. MMS delivered to and from a mobile device will always use the carrier access point rather than a WiFi network to retrieve the content from the network. This limits the ability for bad actors to intercept message content at the edge.
Unlike OTT messaging apps which apply end-2-end encryption, MMS messages are stored encrypted but are then decrypted at each hop as they traverse through the network in order to apply business rules, routing, transcode the content, normalize the syntax, apply filters and convert between protocols. Behind firewalls, these message routing systems are not accessible to the public internet. Service Providers have created APIs to make it simpler for businesses to send and receive MMS and connect into these message routing networks. The security of these Service Provider API endpoints is implementation based.
For more information, take a look at the Sinch MMS product page.