E2EE guarantees that nobody can read your data while it's in transit. But other threats still exist:
- Your device could be stolen: if you don't have a PIN code or if the attacker bypasses it, they can gain access to your messages.
- Your device could be compromised: your machine could have malware that spies on the information before and after you send it.
Another risk is that someone could insert themselves between you and your peer by mounting a man-in-the-middle attack. This would occur at the beginning of the communication – if you're performing a key exchange, you don't know for certain that it's with your friend. You could unknowingly establish a secret with an attacker. The attacker then receives your messages and has the key to decrypt them. They could trick your friend in the same manner, meaning that they could relay messages and read or modify them as they see fit.
To get around this, many apps integrate some kind of security code feature. This is a string of numbers or a QR code that you can share with your contacts via a secure channel (ideally offline). If the numbers match, then you can be sure that a third party isn't snooping on your communications.
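The comparison described above, as an added example (not code from this article or from any particular app): each side derives a code from its own public key and the key it actually received, so a substituted key produces codes that do not match. The toy Diffie-Hellman group, the key values and the function names are constructed for illustration; real apps use their own derivation.

```python
import hashlib
import hmac

# Toy Diffie-Hellman group, for illustration only (far too small for real use).
P = 2**127 - 1  # a Mersenne prime
G = 3

def public_key(private: int) -> bytes:
    """Public value g^x mod p, as fixed-width bytes."""
    return pow(G, private, P).to_bytes(16, "big")

def security_code(my_pub: bytes, their_pub: bytes) -> str:
    """30-digit code over both public keys; sorting makes it order-independent."""
    digest = hashlib.sha256(b"".join(sorted([my_pub, their_pub]))).digest()
    digits = f"{int.from_bytes(digest, 'big') % 10**30:030d}"
    return " ".join(digits[i:i + 5] for i in range(0, 30, 5))

def codes_for_session(alice_pub, bob_pub, seen_by_alice, seen_by_bob):
    """Each side hashes its own key with the key it actually received."""
    return security_code(alice_pub, seen_by_alice), security_code(bob_pub, seen_by_bob)

def verified(code_a: str, code_b: str) -> bool:
    """The out-of-band comparison the two users perform."""
    return hmac.compare_digest(code_a.encode(), code_b.encode())

# Constructed private keys (fixed so the output is reproducible).
ALICE_PUB = public_key(0x1A2B3C4D5E6F708192A3B4C5D6E7F809)
BOB_PUB = public_key(0x0F1E2D3C4B5A69788796A5B4C3D2E1F0)
RELAY_PUB = public_key(0x123456789ABCDEF0FEDCBA9876543210)  # third party in the middle

def direct_exchange():
    # Each user received the other's genuine key.
    return codes_for_session(ALICE_PUB, BOB_PUB, BOB_PUB, ALICE_PUB)

def intercepted_exchange():
    # Both users received the third party's key instead of each other's.
    return codes_for_session(ALICE_PUB, BOB_PUB, RELAY_PUB, RELAY_PUB)

if __name__ == "__main__":
    for label, (a, b) in [("direct", direct_exchange()), ("intercepted", intercepted_exchange())]:
        print(f"{label:12} Alice: {a}")
        print(f"{label:12} Bob:   {b}")
        print(f"{label:12} match: {verified(a, b)}")
```

The check only helps if the two codes are compared over a channel the third party does not control, which is why the comparison is ideally done offline.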
Pros of end-to-end encryption
In a setup without any of the previously mentioned vulnerabilities, E2EE is indisputably a highly valuable resource for increased confidentiality and security. Like onion routing, it's a technology evangelized by privacy activists worldwide. It's also easily incorporated into applications that resemble the ones we're used to, meaning the tech is accessible to anyone capable of using a mobile phone.
To view E2EE as a mechanism useful only for criminals and whistleblowers would be a mistake. Even the most seemingly secure companies have proven to be susceptible to cyberattacks, exposing unencrypted user information to malicious parties. Access to user data like sensitive communications or identity documents can have catastrophic impacts on individuals' lives.
If a company whose users rely on E2EE is breached, hackers can't extract any meaningful information about the content of messages (provided their encryption implementation is robust). At best, they might get hold of metadata. This is still concerning from a privacy standpoint, but it's an improvement on attackers having access to the messages themselves in readable form.