Cybersecurity, explained for the rest of us.

Explainer

What Is End-to-End Encryption and Which Apps Actually Have It?

Margot 'Magic' Thorne (@magicthorne) · 16 min read

End to end encryption (E2EE) is a way of protecting communication so that only the sender and the recipient can read the messages. Everyone else, including the company providing the service, sees only encrypted gibberish. The "ends" in the name are the two devices having the conversation. The encryption happens at one end and is only undone at the other end.

That's the short version. The longer version requires understanding why most messaging is not end to end encrypted by default, what the threat model looks like, and which products actually deliver E2EE versus which products only claim to. I've spent two decades watching companies use the word "encryption" in marketing copy without specifying what kind. The kind matters enormously.

How end to end encryption works

The mechanism uses public key cryptography. Each user has a key pair: a public key that anyone can know and a private key that only the user has. Messages encrypted with the public key can only be decrypted with the corresponding private key.

When you set up an E2EE app, it generates a key pair on your device. Your public key is uploaded to the service so other people can fetch it when they want to message you. Your private key stays on your device and never leaves it. Notice what that arrangement implies: you are trusting the service to hand your contacts the right public key. A service that quietly substituted its own key could sit in the middle of the conversation, which is why good E2EE apps show a fingerprint of the keys (Signal calls it a safety number) that you can compare with your contact over another channel, and warn you when a contact's key changes.

When you send a message, your app uses the recipient's public key to set up the encryption. In practice the public key does not encrypt the message itself: the two devices use their key pairs to agree on a shared secret, and per message symmetric keys derived from that secret encrypt the content. The encrypted message travels through the service's servers. The service can see that you're sending a message to someone, and roughly how big it is, but not the content. Only the recipient's device, holding the matching private key, can derive the keys that decrypt it.

In practice, modern E2EE apps use a more sophisticated design called the Signal Protocol. It combines an initial key agreement (X3DH, since extended with a post quantum component as PQXDH) with the Double Ratchet, which derives a fresh key for every message. That buys three properties: forward secrecy (a key stolen today can't decrypt messages already sent, because those keys were used once and deleted), post compromise security (once the attacker loses access, the ratchet mixes in fresh randomness and later messages become unreadable to them again), and deniability (messages are authenticated with symmetric keys both sides hold, so a transcript doesn't prove who wrote it). The Signal Protocol's specifications and code are public, and the protocol has been formally analyzed by academic cryptographers. Major messaging apps including Signal, WhatsApp, and Google Messages (RCS chats) use it or variants of it.
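To make the ratchet concrete, here is a toy Double Ratchet in Python. It is an added example written for this explainer, not Signal's code: finite field Diffie-Hellman over a small toy modulus stands in for X25519, HMAC-SHA256 stands in for HKDF, the initial root key is a constructed value standing in for the X3DH output, and nothing in it is safe for real use. What it shows is the two properties above: an attacker who copies Bob's state can derive the next message key but not the already used ones (forward secrecy), and once Bob's next ratchet step mixes in a fresh key pair the attacker is locked out again (post compromise security).

```python
"""Toy Double Ratchet (added example, not Signal's code; not safe for real use)."""
import copy
import hashlib
import hmac
import secrets

P = (1 << 127) - 1   # toy Mersenne-prime modulus standing in for Curve25519
G = 5                # toy generator


def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(16, "big")


def kdf(key, info):
    return hmac.new(key, info, hashlib.sha256).digest()


def kdf_root(root_key, dh_out):
    """Root-key KDF: returns (new root key, new chain key)."""
    return kdf(root_key, b"root" + dh_out), kdf(root_key, b"chain" + dh_out)


def kdf_chain(chain_key):
    """Symmetric-key ratchet: returns (next chain key, message key).
    One-way: holding the next chain key does not recover this message key."""
    return kdf(chain_key, b"\x02"), kdf(chain_key, b"\x01")


class Party:
    def __init__(self, root_key, dh_priv, dh_pub, peer_pub=None):
        self.root, self.dh_priv, self.dh_pub, self.peer_pub = root_key, dh_priv, dh_pub, peer_pub
        self.send_chain = self.recv_chain = None

    def init_as_sender(self):
        """Alice's first step: she already knows Bob's public key, so she derives a sending chain."""
        self.root, self.send_chain = kdf_root(self.root, dh_shared(self.dh_priv, self.peer_pub))

    def dh_ratchet(self, new_peer_pub):
        """Run when a message header carries a new peer public key: derive the receiving
        chain with the current key pair, then rotate to a fresh pair and derive the
        sending chain. The fresh randomness here is what heals a compromise."""
        self.peer_pub = new_peer_pub
        self.root, self.recv_chain = kdf_root(self.root, dh_shared(self.dh_priv, new_peer_pub))
        self.dh_priv, self.dh_pub = dh_keypair()
        self.root, self.send_chain = kdf_root(self.root, dh_shared(self.dh_priv, new_peer_pub))

    def send_key(self):
        self.send_chain, mk = kdf_chain(self.send_chain)
        return mk

    def recv_key(self):
        self.recv_chain, mk = kdf_chain(self.recv_chain)
        return mk


def demo():
    # Constructed stand-in for the X3DH output both sides share at the start.
    root0 = hashlib.sha256(b"constructed shared secret from the initial key agreement").digest()
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    alice, bob = Party(root0, a_priv, a_pub, b_pub), Party(root0, b_priv, b_pub)

    alice.init_as_sender()
    keys_sent = [alice.send_key() for _ in range(3)]   # messages 1-3; header carries alice.dh_pub
    bob.dh_ratchet(alice.dh_pub)
    keys_recv = [bob.recv_key() for _ in range(3)]

    stolen = copy.deepcopy(bob)   # attacker copies Bob's entire state after message 3

    # Forward secrecy: the stolen chain only runs forward. It yields message 4's key...
    _, stolen_k4 = kdf_chain(stolen.recv_chain)
    # ...but none of keys 1-3, which were derived, used and deleted.
    forward_secret = stolen_k4 not in keys_recv and stolen_k4 == bob.recv_key()

    # Post-compromise security. Bob replies; Alice ratchets on his public key.
    alice.dh_ratchet(bob.dh_pub)
    # The attacker still holds Bob's current private key, so Alice's new chain is readable...
    attacker_chain = kdf_root(stolen.root, dh_shared(stolen.dh_priv, alice.dh_pub))[1]
    still_readable = attacker_chain == alice.send_chain
    # ...until Bob's next step rotates to a key pair the attacker never saw.
    bob.dh_ratchet(alice.dh_pub)
    root_guess, _ = kdf_root(stolen.root, dh_shared(stolen.dh_priv, alice.dh_pub))
    _, chain_guess = kdf_root(root_guess, dh_shared(stolen.dh_priv, alice.dh_pub))  # stale key
    healed = chain_guess != bob.send_chain
    return {"chains_match": keys_sent == keys_recv, "forward_secret": forward_secret,
            "still_readable": still_readable, "healed": healed}
```

Call demo() to get the four checks. Note that healing takes a full round trip: Alice's first message after the compromise is still readable because the attacker holds Bob's then current private key, which is why the protocol rotates DH keys on every change of direction rather than once.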

What end to end encryption protects against

E2EE addresses a specific threat model: the company providing the service can't read your messages, and neither can anyone else who intercepts the traffic in transit.

This protects against:

The service provider being compelled to hand over messages. If a government subpoenas your messages, the company can produce only encrypted blobs. They literally don't have the keys.

The service provider being breached. If attackers steal the company's database, they get encrypted messages they can't read.

Internal access by employees. Engineers at the service can't read your messages.

Network interception. Attackers on your WiFi, your ISP, or somewhere along the path can't read your messages even if they capture the traffic.

What end to end encryption doesn't protect against

E2EE has limits. The marketing sometimes implies it solves more problems than it actually does.

E2EE doesn't protect messages on your device. Once decrypted, the messages are stored locally. Anyone with access to your unlocked device can read them.

E2EE doesn't protect against the recipient. Once you send a message to someone, they have it. They can screenshot it, forward it, copy and paste it.

E2EE doesn't hide metadata. Even with E2EE, the service provider often knows who you're talking to, when, how often, and how long the messages are. Some apps (Signal especially) work to minimize the metadata they collect, but most apps still log significant metadata.

E2EE doesn't protect against compromised devices. If malware on your device captures keystrokes or screenshots, it sees plaintext before encryption and after decryption.

E2EE doesn't protect against legal compulsion against the recipient. If you send an encrypted message to someone and they receive it, a court can compel them to produce the plaintext.
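How much the "envelope" gives away is easier to see with data. The script below is an added example, not code from any messaging service: it parses a constructed delivery log in a made up format (timestamp, sender, recipient, ciphertext size, which is all a relay needs to do its job), builds the contact graph, splits traffic into conversations by timing, and estimates what kind of content each message was from its size, assuming a fixed framing overhead. None of the payloads are ever decrypted.

```python
"""What a relay learns from envelopes alone (added example; the log is constructed)."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed delivery log in a made-up format. The server never sees content,
# only who sent how many bytes to whom, and when.
DELIVERY_LOG = """\
2024-03-02T21:14:03Z from=alice to=bob bytes=61
2024-03-02T21:14:40Z from=bob to=alice bytes=46
2024-03-02T21:15:02Z from=alice to=bob bytes=388
2024-03-02T21:17:30Z from=bob to=alice bytes=49
2024-03-02T23:05:11Z from=alice to=carol bytes=52
2024-03-03T07:58:44Z from=alice to=bob bytes=47
2024-03-03T07:59:10Z from=bob to=alice bytes=46
2024-03-03T08:40:00Z from=dave to=alice bytes=2100150
"""

LINE = re.compile(r"^(\S+) from=(\w+) to=(\w+) bytes=(\d+)$")
# Assumed fixed per-message framing (nonce + header + AEAD tag). Real apps pad
# messages precisely because ciphertext length otherwise tracks plaintext length.
OVERHEAD = 44


def parse_log(text):
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m.group(2), m.group(3), int(m.group(4))))
    return sorted(events)


def contact_graph(events):
    """Who talks to whom, and how often, from the envelopes alone."""
    return Counter(tuple(sorted((f, t))) for _, f, t, _ in events)


def conversations(events, gap_seconds=300):
    """Split each pair's traffic into sessions separated by a quiet gap and record
    how fast each reply came back. Timing like this is how an observer tells a
    live back-and-forth from a one-off notification."""
    per_pair = defaultdict(list)
    for ev in events:
        per_pair[tuple(sorted((ev[1], ev[2])))].append(ev)
    result = {}
    for pair, evs in per_pair.items():
        sessions, last, replies = 1, evs[0], []
        for ev in evs[1:]:
            delta = (ev[0] - last[0]).total_seconds()
            if delta > gap_seconds:
                sessions += 1
            elif ev[1] != last[1]:      # direction flipped: this is a reply
                replies.append(delta)
            last = ev
        result[pair] = {"sessions": sessions, "reply_seconds": replies}
    return result


def guess_content_type(size):
    """Ciphertext size minus framing is the plaintext size, give or take padding."""
    plain = size - OVERHEAD
    if plain <= 4:
        return "one-word reply"
    if plain < 10_000:
        return "text"
    return "attachment"


def report(text=DELIVERY_LOG):
    events = parse_log(text)
    return {
        "graph": contact_graph(events),
        "conversations": conversations(events),
        "kinds": Counter(guess_content_type(s) for *_, s in events),
    }
```

On the constructed log, report() shows that alice and bob exchanged six messages across two sessions with replies arriving within seconds (a live conversation), that alice also contacted carol once late at night, and that dave sent alice roughly two megabytes, almost certainly a photo or file. That is a lot to know about a conversation whose contents are perfectly protected.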

How to verify a service is actually E2EE

The questions worth asking:

Does the service have access to the plaintext at any point? If yes, it's not E2EE.

Can the service produce the plaintext in response to a court order? If yes, it's not E2EE.

Does the cryptography happen on the device or on the server? If decryption happens on the server, it's not E2EE. Web clients are a grey area worth knowing about: a browser app fetches its encryption code from the provider on every visit, so even when the decryption runs in your browser you are trusting the provider not to serve you a modified version. An installed app that you update on your own schedule narrows that window.

Is the protocol public and audited? Published protocols (Signal Protocol, OMEMO, MLS) have been reviewed by cryptographers. A proprietary protocol that nobody outside the company can inspect cannot be independently verified and should be treated with skepticism, whatever the marketing says.

The shorthand: if a company can read your messages, they're not end to end encrypted. The test isn't whether they say they're encrypted; it's whether the company itself has access to the keys.

Which messaging apps actually have E2EE

Signal is end to end encrypted by default for all messages and calls. The Signal Protocol is the gold standard for E2EE messaging. Signal collects minimal metadata. The nonprofit organization that runs it is funded by donations rather than advertising. Signal is the default recommendation for anyone who wants strong privacy.

WhatsApp is end to end encrypted by default for messages, calls, and media, using the Signal Protocol. The encryption itself is solid. The difference from Signal is metadata: WhatsApp, owned by Meta, collects considerably more of it (contacts, usage patterns, device and account information), and that metadata is what the company can hand over when asked.

iMessage is end to end encrypted between Apple devices. Messages to non Apple devices fall back to SMS or RCS: SMS is not encrypted at all, and RCS between an iPhone and an Android phone is not end to end encrypted either. iCloud backups of iMessages are E2EE only if you enable Advanced Data Protection (introduced in iOS 16.2); without it, Apple holds a key that can decrypt your backup.

Google Messages RCS chats are end to end encrypted when both sides use Google Messages with RCS turned on, first in one to one chats and, since 2023, in group chats too. The encryption uses a Signal Protocol variant. The SMS/MMS fallback isn't encrypted.

Facebook Messenger turned on E2EE by default for personal one to one chats starting in December 2023, rolling it out across accounts over the following months. Group chats and some other features got E2EE more gradually.

Telegram has end to end encryption only in "secret chats". Regular one to one chats, groups, and channels use client to server encryption: content is encrypted between your device and Telegram's servers, and Telegram holds the keys, so Telegram can read it. Secret chats are one to one only, are tied to the two devices that started them, and don't sync to your other devices. Telegram's marketing often implies more encryption than actually exists in default usage. For E2EE on Telegram, you have to start a secret chat specifically.

Discord is not end to end encrypted for text. Messages, files and most other content are readable by Discord. (Discord added E2EE for voice and video calls in 2024; that does not cover chat.)

Slack is not end to end encrypted. Messages are encrypted in transit and at rest, but Slack's servers handle the plaintext, and workspace administrators can export it. Slack's Enterprise Key Management lets a customer control the keys used for encryption at rest; that is not E2EE, because Slack still decrypts messages to deliver, search, and index them.

Email and end to end encryption

Email is fundamentally not end to end encrypted. The protocol predates the concept, and every E2EE scheme for it has been bolted on afterwards.

Standard email between Gmail, Outlook, and other major providers is encrypted in transit and at rest on the providers' servers, but the providers can read all of it.

E2EE email exists but requires both sender and recipient to use compatible tools. The two main standards are PGP and S/MIME. Both require key management that is genuinely difficult for non technical users. Even when they are set up correctly, the headers (sender, recipient, and usually the subject line) travel in the clear, and neither standard offers forward secrecy: a private key stolen later decrypts every message it ever received.

ProtonMail provides E2EE email between ProtonMail users, and can send a password protected message to an outside address that the recipient opens in a browser. Tutanota provides similar E2EE for email between Tutanota users, with the same password protected option for outsiders.

For most people, email is not the right channel for sensitive communication. Sensitive content should go through dedicated E2EE messaging apps instead.

Cloud storage and end to end encryption

The major providers (Google Drive, Dropbox, Microsoft OneDrive, iCloud Drive) have access to the files you store.

E2EE cloud storage options:

Proton Drive provides E2EE cloud storage with the same security model as ProtonMail.

Tresorit is a Swiss company offering E2EE cloud storage.

Cryptomator is open source software that adds client side encryption to existing cloud storage. You create a vault inside your Dropbox or Google Drive folder; Cryptomator encrypts file contents and file names locally, so the sync client only ever uploads ciphertext. The provider still sees how many files you have, how large they are, and when they change.

iCloud Drive has E2EE if you enable Advanced Data Protection.

Backups and key recovery

A perennial challenge with E2EE is what happens when you lose your device. The keys are on the device. If the device is destroyed, the keys are gone.

Signal on Android can write an encrypted backup to local storage, protected by a 30 digit passphrase that Signal never sees; lose the passphrase and the backup is useless. WhatsApp offers E2EE backups to Google Drive or iCloud, but you have to turn them on and keep the 64 digit key or password yourself. iMessage backs up through iCloud; with Advanced Data Protection enabled, the backups are E2EE.

The general tradeoff: if the company can recover your data when you forget your password, they can also be compelled to recover it for other parties. If they can't recover your data, you're permanently locked out if you forget your password.
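That tradeoff is a design decision, and it is easier to reason about in code. The example below is added for this explainer and is not any vendor's implementation: it derives a key encryption key from the user's passphrase with PBKDF2 (from Python's standard library), wraps the backup's data key under it, and optionally wraps a second copy under an escrow key the provider holds. The wrapping itself is a toy HMAC based construction standing in for AES-GCM or AES key wrap. The two recovery functions are the whole point: the escrow path that lets support reset your account is exactly the path a legal demand can use, and a backup without it is unrecoverable by anyone who forgets the passphrase.

```python
"""Backup key escrow vs none (added example, not any vendor's code)."""
import hashlib
import hmac
import secrets

ITERATIONS = 200_000   # PBKDF2 work factor; tune to the platform


def derive_kek(passphrase, salt):
    """Passphrase -> key-encryption key. Slow on purpose, so guessing is expensive."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, 32)


def wrap(kek, data_key):
    """Toy authenticated wrap: XOR with an HMAC keystream, then an HMAC tag.
    A real system would use AES-GCM or AES key wrap here."""
    nonce = secrets.token_bytes(16)
    stream = hmac.new(kek, b"stream" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(data_key, stream))
    tag = hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered blob")
    stream = hmac.new(kek, b"stream" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


def create_backup(data_key, passphrase, provider_escrow_key=None):
    """The record the provider stores. `data_key` encrypts the backup payload itself
    (not shown). With escrow, a second copy is wrapped under a key the provider holds;
    without it, only the passphrase can unlock the backup."""
    salt = secrets.token_bytes(16)
    record = {"salt": salt, "user_wrapped": wrap(derive_kek(passphrase, salt), data_key)}
    if provider_escrow_key is not None:
        record["provider_wrapped"] = wrap(provider_escrow_key, data_key)
    return record


def user_recover(record, passphrase):
    return unwrap(derive_kek(passphrase, record["salt"]), record["user_wrapped"])


def provider_recover(record, provider_escrow_key):
    """The account-recovery path, and exactly the path a legal demand uses."""
    if "provider_wrapped" not in record:
        raise LookupError("no escrow copy: provider cannot recover this backup")
    return unwrap(provider_escrow_key, record["provider_wrapped"])


def demo():
    data_key = secrets.token_bytes(32)
    escrow_key = secrets.token_bytes(32)     # would live in the provider's HSM in reality
    passphrase = "correct horse battery staple"
    recoverable = create_backup(data_key, passphrase, escrow_key)
    locked_down = create_backup(data_key, passphrase)   # no escrow, Advanced Data Protection style

    def can(fn, *args):
        try:
            return fn(*args) == data_key
        except (ValueError, LookupError):
            return False

    return {
        "user_unlocks_recoverable": can(user_recover, recoverable, passphrase),
        "provider_unlocks_recoverable": can(provider_recover, recoverable, escrow_key),
        "user_unlocks_locked_down": can(user_recover, locked_down, passphrase),
        "provider_unlocks_locked_down": can(provider_recover, locked_down, escrow_key),
        "forgotten_passphrase_locked_down": can(user_recover, locked_down, "wrong passphrase"),
    }
```

demo() returns True for the first three checks and False for the last two: the provider can open the escrowed backup whether you ask them to or a court does, and nobody at all can open the other one without the passphrase.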

A quick analogy

End to end encryption is like sending a sealed letter through the postal service. The postal service handles the letter, knows who sent it and who's receiving it, can see how heavy it is. But they can't read the contents because the letter is sealed.

Without E2EE, it's more like sending a postcard. The postal service can read the message just by glancing at it as it passes through their hands.

The seal on the letter is the encryption. The keys to opening the seal are held only by the sender (to seal it) and the recipient (to open it).

The metaphor breaks down at metadata. The envelope of an E2EE message can still reveal a lot: who you're talking to, when, how often, and roughly how much you said. Metadata is the visible part of the envelope, the addresses, the postmark, the weight. The contents are hidden, but the pattern of who writes to whom can be just as revealing.

Frequently asked questions

If a service is end to end encrypted, can law enforcement still get my messages?

Not from the service provider. The provider doesn't have the plaintext to give. Law enforcement can still get messages from your device (with a warrant or by exploiting the device). Law enforcement can also compel the recipient to produce messages they have.

Is iMessage really E2EE if Apple stores my backups?

iMessage between Apple devices is E2EE. The historical weak point was iCloud backups: without Advanced Data Protection, Apple holds a key that can decrypt your backup, and the messages in it. With Advanced Data Protection enabled, your backups are E2EE. Two caveats: it is off by default, and it only protects your backup. If the person you're talking to backs up to iCloud without it, your conversation sits in their backup under Apple's key.

What's the difference between encryption in transit and end to end encryption?

Encryption in transit (TLS/HTTPS) protects data while moving over the network. The service receiving the data can decrypt it once it arrives. End to end encryption protects data so that even the service can't decrypt it.

Can the government ban end to end encryption?

Various governments have tried. Companies have generally resisted, sometimes by withdrawing from markets rather than implementing backdoors. The technical reality is that you can't have a backdoor that's only accessible to "good guys". Any backdoor weakens the encryption for everyone.

Is Signal more secure than WhatsApp?

Both use the Signal Protocol for the actual encryption. The difference is metadata: Signal collects very little, WhatsApp collects significantly more. For threats where metadata exposure matters, Signal is stronger.

What about Telegram's claim of being secure?

Their "secret chats" are E2EE. Their default chats are not. Most Telegram conversations don't use the secret chat feature.

Can I send encrypted messages to people who don't use encryption tools?

Generally no. E2EE requires both ends to participate. If the recipient is on regular email or SMS, your message reaches them in plaintext.

What to do next

If you communicate about sensitive topics, use Signal for those conversations. Setup takes a few minutes. Both parties need the app.

If you use WhatsApp for general conversation, your messages are E2EE by default. The metadata exposure is the main concern for sensitive use. Signal is stronger on that dimension.

If you have an iPhone and want stronger backup protection, enable Advanced Data Protection (Settings, tap your name, iCloud, Advanced Data Protection). Apple makes you set up a recovery contact or recovery key first, because once it's on Apple can no longer restore access for you.

If you store sensitive files in cloud storage, consider whether the convenience justifies the privacy cost. For genuinely sensitive files, E2EE cloud storage is the right answer.

If you're a journalist, activist, lawyer, or anyone with a real privacy threat model, Signal plus Proton plus other E2EE tools should be your default. The tools work. The protection is real.

Filed under: encryption, privacy, messaging, secure-communication, account-security