An encrypted message is a message that has been scrambled into unreadable characters, so that only someone holding the matching digital key can turn it back into text. To encrypt a message is to run it through a mathematical lock before it leaves your phone. Without the key, the message reads as random noise: no words, no meaning.
When an app says a message is encrypted, it means the app applied that lock before the message traveled anywhere. The word shows up in more places every year, from WhatsApp banners to email padlocks. The label is reassuring. It hides the question that matters: encrypted against whom? The answer depends on which of the two kinds of encryption the app uses.
The two kinds of encryption a message can have
A message in a modern app carries one of two levels of protection: encryption in transit or end-to-end encryption. The names sound similar. They are not. The difference decides who can read your words.
Encrypted in transit
Encryption in transit protects a message on its way between your phone and the company’s server. The connection is sealed, so nobody on the same Wi-Fi network can read along. At the server, the message is opened. The company that runs the service can read it there, and can be required to hand it over. A standard email works this way. So does a regular Telegram chat: only Telegram’s opt-in secret chats are end-to-end encrypted, and everything else is stored with keys Telegram controls.
End-to-end encrypted
End-to-end encryption locks the message on your phone and opens it only on the recipient’s phone. The server in the middle passes along ciphertext it cannot read. Even the company that built the app is locked out. WhatsApp, iMessage, and Signal all protect their standard chats this way. For the full mechanics, read end-to-end encryption, explained.
| Encrypted in transit | End-to-end encrypted | |
|---|---|---|
| Who can read the message | You, the recipient, and the service provider | Only you and the recipient |
| Where it sits readable | On the company’s servers | Only on the two phones |
| Everyday examples | Standard email, regular Telegram chats | WhatsApp, iMessage, Signal |
| Typical label | A padlock icon in the browser | An “end-to-end encrypted” notice in the chat |
What the encryption notice in your chat means
The notice at the top of a chat tells you that this specific conversation is end-to-end encrypted. Open a WhatsApp thread and the first line reads: “Messages and calls are end-to-end encrypted. No one outside of this chat, not even WhatsApp, can read or listen to them.” That banner has opened every personal WhatsApp chat since April 2016, when the company finished rolling the protection out to all users (checked in a live thread, July 2026). Messenger, after years of keeping end-to-end encryption behind an opt-in toggle, switched it on by default for everyone in December 2023. iMessage encrypts blue-bubble conversations end to end, while a plain SMS, the green kind, carries no encryption at all.
A useful reading rule: the label covers the conversation it appears in, and nothing more. Telegram makes the rule visible. Regular Telegram chats show no end-to-end banner because they have none; only a chat you start as a secret chat earns it. Instagram sits in between: a DM is end-to-end encrypted only when the chat carries the label, and standard DMs are protected in transit only. If an app never says a chat is end-to-end encrypted, assume the message is readable at the server.
What an encrypted message does not protect
Encryption solves one problem: reading the message in the middle. It solves that one well. Four things sit outside its reach.
- The phone itself. On an unlocked phone, every message is plain text. Encryption ends where the screen begins.
- The other person. Whoever you write to can screenshot the conversation or forward it.
- Backups. WhatsApp chats copied to iCloud or Google Drive fall outside end-to-end protection unless you turn on encrypted backups, an optional setting since 2021.
- Metadata. The service still sees who messaged whom and when, even when it cannot read a single word.
encryption guards the message in the middle. it cannot guard the two phones at the ends.
Can anyone read an encrypted message?
No one can read a properly end-to-end encrypted message without one of the two keys, and those keys never leave the phones in the conversation. Interception still happens. Reading does not. What an interceptor captures is ciphertext, useless on its own. The realistic path to a private conversation runs through the ends: an unlocked device or a readable backup. This is why messaging apps that advertise the same encryption still differ in practice: the math is public and broadly shared, while what each service keeps around the message is where the differences live. For a side-by-side look at what each service keeps, see encrypted messaging apps compared.
Common questions
Is an encrypted text message the same as a regular SMS?
An encrypted text message and a regular SMS are different things. SMS, the standard green-bubble text, travels through carrier networks with no encryption of any kind. An encrypted text message goes through an app such as iMessage or Signal, which locks it before it leaves the phone.
Why does WhatsApp say my messages are end-to-end encrypted?
WhatsApp shows that notice because end-to-end encryption has been the default for every personal chat since April 2016. The banner is informational. There is nothing to configure, and no setting you changed by accident.
Does an encrypted message mean someone is hiding something?
An encrypted message does not mean secrecy. Encryption is the default in mainstream apps: WhatsApp alone moves on the order of 100 billion end-to-end encrypted messages a day, a figure Meta reported in 2020. Most of that traffic is as ordinary as grocery lists.
Can an encrypted message be intercepted?
An encrypted message can be intercepted, and the interception yields ciphertext, which stays unreadable without a key that never leaves the two phones. The practical risks sit at the ends of the conversation: unlocked devices and unencrypted backups.