Not everything is secret in encrypted apps like iMessage and WhatsApp


This article is a preview of The Tech Friend newsletter.

One feature of apps such as iMessage and WhatsApp is that your texts or voice calls are scrambled and private from everyone.

With end-to-end encrypted technology, no one but you and the intended recipients can know what you wrote or said — not hackers, the app companies or the police.

Except, not everything is end-to-end encrypted in end-to-end encrypted apps.

That could mean what you type in chats is saved on company computers that corporations such as Apple or your phone provider could read. Details such as the timestamps of every text to your boyfriend might not be under lock and key, either.

That’s not necessarily bad. Each end-to-end encryption choice has trade-offs. More privacy and security could also make it harder for you to use an app, or can shield the activity of terrorists and child predators.

The mess I’m describing — end-to-end encryption but with certain exceptions — may be a healthy balance of your privacy and our safety.

The problem is it’s confusing to know what is encrypted and secret in communications apps, what is not and why it might matter to you.

To illuminate the nuances, I broke down five questions about end-to-end encryption for five communications apps.

Is the content of every message automatically end-to-end encrypted?

The biggest encryption caveat is for the built-in texting apps on iPhones and most Android phones in the United States. Those are Apple’s Messages app, also known as iMessage, and the Messages by Google app.

If you use Apple’s app, texts that you send and receive are only end-to-end encrypted if everyone else in the chat is using that app.

If the text you see is in blue, the contents of messages are end-to-end encrypted for everyone in the chat.

Even if Apple wanted to read your texts, it doesn’t have a key to unscramble those messages. (There’s a caveat in the next section about backup copies.)

But the dreaded green bubbles are Apple’s warning. If you’re in a group chat with three people using Apple’s chat app and one person on an Android phone, no one’s texts are end-to-end encrypted.

Each of your mobile phone providers might save every word of your communications. Those companies could, in theory, read your messages, lose them to thieves or hand them over to police with valid legal orders.

Google’s chat app has the same encryption loophole. (For most people in the United States, Messages by Google is the standard texting app on Android phones.)

Your texts in Google’s chat app are only end-to-end encrypted if everyone else is using that app.

Google shows if your texts are end-to-end encrypted with signs such as a lock icon under texts and another on the send button.

For most people using Meta Messenger, previously called Facebook Messenger, someone in a chat must turn on the option for your communications to be end-to-end encrypted.

Are backup copies of your messages automatically encrypted, with no option for the app company to unscramble them?

WhatsApp and Signal don’t let you save copies of your texts or call logs to the app makers’ computers.

That means they don’t have saved message copies in a cloud that crooks could break into.

But if you buy a new phone and forget your password, WhatsApp and Signal can’t really help you transfer all your old texts.

If you back up copies from Apple’s chat app and Meta Messenger, the companies have the keys to unscramble what’s written in encrypted chat copies. Again, these unscrambled text copies can help in criminal investigations or they could be stolen or misused.

Apple recently introduced a choice to fully end-to-end encrypt backup copies of iCloud accounts, which means not even Apple could unlock your scrambled backup texts.

If you pick that option, Apple can’t help recover your chats if you forget your account password.

This risk is why Apple makes this feature a pain to turn on, and requires you to list a plan B if you forget your password, such as a personal contact who knows your decryption code.

WhatsApp has an option to save backup copies of your messages to Apple’s or Google’s cloud. WhatsApp doesn’t save those backups.

For Messages by Google, the company says chats backed up to the company’s computers are automatically encrypted – as long as your Android phone has a screen that you need to unlock with a password or another method.

Google gets an asterisk because it says it cannot unscramble your backup texts in its cloud. But it can for attachments like photos.

Meta Messenger has been testing an option for people to turn on fully end-to-end encrypted backups.

Does the app save your account details in a way it can access?

Most end-to-end encrypted apps save some “metadata,” or details about you or what you do with the app. They can retrieve the metadata if necessary.

The app companies aren’t necessarily specific about which metadata they save and can unlock. This information can make you less private – and it can help in criminal prosecutions.

WhatsApp, for example, may have your general physical location when you use the app and the names of your group chats. Under legal orders, WhatsApp has the ability to log the phone numbers your number communicates with.

WhatsApp says these details can help identify spammers and aid in investigations of potential criminal activity including people who share images of child sexual abuse.

Signal is a yes with an asterisk because it doesn’t save much the app can retrieve – just a phone number used to set up an account and the last time the account connected to Signal.

Are disappearing messages an option?

Even with end-to-end encrypted texts, someone on the receiving end could leak them or turn them in to the police.

For extra privacy, WhatsApp, Meta Messenger, and Signal have an option to set texts to automatically delete in as little as 24 hours from the phones of everyone in a chat.

This isn’t ironclad, either. Someone could take a photo of your messages before they disappear.

Does the app use the Signal protocol?

The Signal protocol is considered a gold standard. No one yet has found holes in the end-to-end encryption technology.