I had thought that 5+ years ago, Google, Apple, Meta, etc. all created “master” private keys that would allow them to unencrypt users’ data. At the time, the argument used was to combat CSA material/trafficking. I could be wrong, though. I’ll try looking it up later.

Edit:

I did a quick search while on break at work.

Apple claims they have no master key and do not allow governments direct access to their servers. They only provide data when legally required to;

https://www.apple.com/privacy/government-information-requests/

Google claims the same thing.

As for Meta, I could only find anecdotal Reddit posts that seem to somewhat contradict the E2EE claims from Meta, as an example:

https://www.reddit.com/r/privacy/comments/1g6tqg7/meta_ai_scanning_private_conversations/

https://www.reddit.com/r/facebook/comments/1al9dk9/messenger_has_access_to_the_endtoend_encrypted/

So it seems that Meta is likely scanning content before the encryption takes place. So they can still claim that messages are indeed E2EE, but that’s useless when their AI tools are still scanning the content beforehand.

There’s also this recent development:

https://www.medianama.com/2024/03/223-meta-end-to-end-encryption-europe-interoperability-2/

In spite of these processes, Meta has concerns. The blog post said, “Without ownership of both clients (endpoints) we cannot guarantee what a third-party provider does with sent or received messages” and thus cannot assure that messages are safely encrypted and protected. Further they said that with interoperability they would “lose connection level signals that are important for keeping users safe from spam and scams such as TCP fingerprints.”

Finally, Meta said that having a intermediary between third party provider and a Meta server could expose the “chat metadata to the proxy server, which increases the likelihood that this data could be accidentally or intentionally leaked.”

Tldr; I wouldn’t trust Meta’s E2EE.