Thanks for your explanation.
I knew it was end to end encryption, what I don't/didn't know is that it means that there's no key for Whatsapp/Facebook.
It's quite (and perhaps purposely) difficult to follow, if you don’t know.
In layman’s terms, the basic types of encryption are:
In transit (such as https when using the internet)
Encrypted at rest (such as a password vault online)
End to end encrypted (such as Signal or WhatsApp)
The first one pretty much only applies to the internet and browsing or sending/receiving data, http is not encrypted, https is. Most of the internet is https these days and most browsers try to force this connection. But attention needs to be paid still.
The second relates to the data and where it’s kept (email, Dropbox-type stuff, iCloud, etc.). The company tends to own the keys so it’s possible (though unlikely except for court orders) for anyone with the keys to view the data (although you can encrypt the data yourself before uploading in some cases, which will mean that they can see the container, but not the data - essentially this is end to end).
The third, end to end encryption, refers to any encryption whereby you own the keys, as in the above example. It’s popularised with messaging apps (Signal, WhatsApp for example), some email apps (ProtonMail for example), but really it applies to any case where you decide the password and you only know it. Obviously, there are no passwords in relation to e2e messaging apps, and that’s where the encryption protocols come into play, such as the Signal protocol that Signal and WhatsApp both use.
This is only a basic overview. Obviously there are caveats and other things involved, and tech companies like to blend and twist the words so pay attention to what they’re saying and seek other advice if it’s critical.
Encryption remains strong mainly because the code to actually do the encryption is generally open source, which means that anyone can view the code and those in the know can verify its authenticity and whether or not it’s been tampered with. Obviously in the case of WhatsApp and others, the app itself is closed source, which essentially means they can adjust the code and no one would know. Then there is trust involved. Most companies proclaiming e2e encryption would be reluctant to break that trust, due to the repercussions involved, and if it was the case, the wider security community would know almost immediately.