Messaging apps are everywhere and are used by the majority of mankind. They have brought people together, allowing us to keep in touch with relatives who live far away or to share personal information from the safety of home. But with all these upsides, they have also become ever more interesting to attackers. Encryption goes a long way to protect your privacy, but don't blindly assume it is perfectly safe.
Not all encryption is equal
To the unsuspecting user, the word "encryption" immediately conveys an idea of safety and protection. But there are many different kinds of encryption algorithms, and even more ways to use or combine them. Even assuming that their implementation and usage are absolutely bulletproof, the protection they offer can vary significantly. Let's look at the Telegram messenger as an example: all transmissions and the stored data are encrypted, so it is safe, right? Well, it's not that easy. The data is encrypted when transferred to the server, and encrypted again before it is stored on disk - but between those steps, it is not encrypted. Even worse, the key for the encryption on the server is also stored on their servers, so they could theoretically decrypt all your stored messages if they wanted to, and you would never even know.
Other messengers like Signal or WhatsApp (which uses Signal's protocol) use so-called end-to-end encryption (E2EE). End-to-end encryption means that the message is encrypted on the sender's device in such a way that it can only be decrypted by the receiver's device, not by the servers in between. The server only sees encrypted data and cannot read the message contents, even if it wanted to.
Note that Telegram can also use end-to-end encryption through its "secret chat" feature, but does not do so by default.
End-to-end encryption isn't perfect either
Even though end-to-end encryption is the best we have so far for privacy and for protecting message contents from prying eyes, it isn't perfect either. At its core lies public key cryptography, using keys securely stored on your mobile device. Using the Android Keystore or Apple's Keychain ensures that other apps or viruses have a hard time accessing the encryption keys, so even if your phone is compromised, they typically remain safe.
That being said, end-to-end encryption has problems as well: if a company that offers an end-to-end encrypted messenger really wanted to read your messages, there is little that could actually stop them. They could produce an app update that uploads your encryption keys, and then happily decrypt and read your messages stored on their servers. Or they could decide to decrypt the messages on your phone and upload the decrypted plaintext versions instead.
The important point to note here is that if the app on your phone or the phone itself is compromised, not even end-to-end encryption can save you. And if the company behind the messenger decides they want to break your protections, they can - any time they like. This threat vector applies even to open-source projects like Signal: you have no actual, bulletproof guarantee that the app you download from the app store is really built from the open source code you are able to read, and not from a version that had a backdoor or additional functionality patched in before publishing. It's not a straightforward thing to pull off, but a dedicated bad actor could do it with enough time and effort. And even if the compromised version is detected quickly, all it needs to do is upload the encryption keys from your phone to their servers, and they have access to the entirety of your messaging history.
Some attack surface remains
Even when ruling out the app author or parent company as potentially malicious, external threats remain viable against end-to-end encrypted messenger apps.
A simple example would be if your phone was compromised by a trojan or virus that periodically takes screenshots or records videos of your screen and uploads them; any message you read is also openly readable in those screenshots - no encryption will protect you against that. No need for encryption keys or vulnerabilities on remote servers - a simple screenshot is enough.
App stores like Google's Play Store are well-protected, but there is no actual guarantee that a rogue administrator with enough privileges couldn't just switch out the newest messenger app update for a tampered one that looks and feels like the real thing, but also quietly uploads all your messages to some remote server. App stores offer cryptographic app signing to prevent tampering, but by default that signing only means they guarantee the app update comes from official Google/Apple servers, not that the author is the same. The app store vendors maintain and have full access to those keys, and could easily sign a malicious, unofficial app update to make it look like an official one, without the app author's knowledge.
The infrastructure of the messenger may also be compromised or abused to alter the messenger's intended behavior. The official codebase itself is an unlikely contender here, especially for open source messengers like Signal, but there are more moving parts than the messenger's code, for example its dependencies. Modern software is built on top of countless smaller libraries that deal with specific tasks like encryption, compression, networking etc. Any one of these tiny utility projects could be hijacked or infected by a malicious actor to create a vulnerability in the software that uses them, such as supposedly secure messengers. Utilities are often not subject to the same level of scrutiny as the privacy-focused software built on top of them, so a toolchain attack like this is a great way to avoid immediate detection, even in an open-source environment.
The other way to tamper with the official messenger version would be to hijack the CI/CD pipelines that manage automated building or deployment tasks. If a malicious actor injected vulnerabilities into the application just before it is compiled and shipped, they would show up neither in the open source repository nor in any of the security audits made against it.
Encryption is still your friend
Even though the tone of this article is generally negative, please don't be discouraged by it. Encryption, especially end-to-end encryption and hardened protocols like the one from Signal, is still the best way to protect your privacy and personal information. These tools aren't perfect, but they are a very decent, well-thought-out protection against prying eyes. But remember that encryption is never a silver bullet: the best way to protect your most private information is to not type it into a device at all. Be careful what you share, and where. Your brain is the best security tool you have, and ultimately the only one you can really trust and control in its entirety.