Facebook Messenger is one of the most popular messaging apps, with over 1 billion monthly active users. Given how much sensitive information people share over Messenger, encryption is an important issue for many users.
In the opening paragraphs, let’s provide quick answers to some key questions about encryption in Facebook Messenger:
Are Facebook Messenger calls end-to-end encrypted by default?
No, Facebook Messenger calls are not end-to-end encrypted by default. The calls are encrypted in transit, but Facebook has access to the content of the calls.
Does Facebook Messenger offer an option for end-to-end encrypted calls?
Yes, Facebook Messenger does offer an optional end-to-end encrypted calling feature called Secret Conversations. To use it, you need to enable Secret Conversations for your chat.
What’s the difference between standard Messenger calls and Secret Conversation calls?
The key difference is that standard Messenger calls are encrypted in transit but Facebook has access to the call contents. Secret Conversation calls are end-to-end encrypted so that only the sender and recipient can access the call contents.
Encryption in Standard Messenger Calls
Now let’s take a deeper look at how encryption works for standard Messenger calls that are not using Secret Conversations.
Facebook states that all standard Messenger calls are encrypted in transit by default. This means the call audio is encrypted while it is being transmitted between the caller and receiver.
However, Facebook still has access to the decrypted call audio. They can store call logs and analyze call data to improve products and ads.
So in a nutshell, standard Messenger calls have:
- Encryption in transit
- No end-to-end encryption
- Call contents accessible to Facebook
The level of encryption for standard calls is similar to what you get with most phone calls. The audio is encrypted while being transmitted, for example over the cellular network, but the carrier has access to the decrypted content.
Technical Details of Encryption in Standard Calls
For the technically inclined, here are some more details on how encryption is implemented for standard Messenger calls, according to Facebook:
- Calls use the Secure Real-time Transport Protocol (SRTP) to encrypt audio packets sent over the internet
- SRTP uses AES-256 encryption for the audio payload data
- Key exchange between devices uses 2048-bit RSA encryption
- Signaling data uses Transport Layer Security (TLS)
So in summary, the call audio itself is encrypted with strong 256-bit AES encryption. The keys are securely exchanged using 2048-bit RSA. Overall, this provides a decent level of transit encryption.
However, without end-to-end encryption, Facebook still has access to the decrypted call audio and metadata like call logs.
End-to-End Encrypted Secret Conversations
Facebook Messenger does provide the option to have end-to-end encrypted calls through the Secret Conversations feature.
To use Secret Conversations, you need to enable it for a specific chat. Here’s how it works:
- Open your Messenger chat with the person you want to have a Secret Conversation with
- Tap their name at the top and select “Go to Secret Conversation”
- This will turn on Secret Conversations for that chat thread
Once enabled, all calls made in that chat thread will be end-to-end encrypted with the Signal Protocol.
Some key properties of Secret Conversations calls:
- Fully end-to-end encrypted – only the two people in the chat can access the call contents
- Encrypted with the Signal Protocol, which is based on AES-256 and Curve25519
- Facebook cannot see or store the contents of the call
- Self-destructing messages can be enabled to delete texts and calls after a set time
So in summary, Secret Conversations provide a high level of security and privacy for your calls. The downsides are that it must be manually enabled per chat, and some Messenger features are not available in Secret Conversations.
Video Calls in Secret Conversations
Originally, Secret Conversations only supported end-to-end encrypted text chats and audio calls. However, Facebook recently added support for encrypted video calls as well.
To make an encrypted video call in Messenger:
- Enable Secret Conversations for the chat
- Tap the video icon in the chat to start a video call
The video call will be fully end-to-end encrypted using the Signal Protocol, just like Secret Conversation audio calls. So you get the highest level of security.
Comparing Call Encryption in WhatsApp
It’s useful to compare Messenger’s encryption options with WhatsApp, since both apps are owned by Meta. Here’s an overview:
| Facebook Messenger | ||
|---|---|---|
| Standard calls encrypted in transit | Yes | Yes |
| Standard calls end-to-end encrypted | No | Yes |
| Option for end-to-end encrypted calls | Yes, in Secret Conversations | On by default |
The key difference is that WhatsApp has end-to-end encryption for all voice and video calls by default. In Messenger, you need to manually enable Secret Conversations for each chat.
Using Third-Party Apps for Encrypted Calls
If you want end-to-end encrypted calls by default when using Messenger, there are some third-party apps you can use:
- Signal – The Signal app supports end-to-end encrypted voice and video calls. You can use Signal while still using Messenger for non-encrypted chats.
- WhatsApp – Since all WhatsApp calls are encrypted, you can use it alongside Messenger when you need encrypted calls.
- Telegram – Telegram offers end-to-end encrypted Secret Chats and calls. You can use Telegram in addition to Messenger.
The advantage of standalone apps like Signal is that they have encryption by default for all your chats and calls. The downside is that you and your contacts need to install the app.
Facebook’s Access to Metadata in Messenger
It’s important to note that even when using Secret Conversations in Messenger or another encrypted app, Facebook may still have access to some metadata:
- They can see that a Secret Conversation exists between two people
- Network data reveals when calls happen and how long they last
- Location data if location services are enabled
The call contents are secured, but this metadata can still provide insights into your activity patterns and social graph.
Some apps like Signal are designed to minimize metadata collection. But when using Secret Conversations in Facebook’s own Messenger app, metadata exposure remains a limitation.
Messenger Key Takeaways
To summarize Messenger’s encryption practices for calls:
- Standard Messenger calls are encrypted in transit but not end-to-end encrypted
- Secret Conversations enable end-to-end encrypted calls using the Signal Protocol
- Secret Conversations must be manually enabled for each chat
- Video calls can also be end-to-end encrypted in Secret Conversations
- WhatsApp provides end-to-end encryption for all calls by default
- Third-party apps like Signal offer end-to-end encrypted calls
- Facebook may still have access to some metadata like call times even in Secret Conversations
So in summary, Messenger does offer end-to-end encrypted calling through Secret Conversations, but this feature needs to be manually enabled, and it does not provide the same level of encryption by default as WhatsApp calls or Signal calls. Use Secret Conversations for your most sensitive calls if you wish to use Messenger. But for fully encrypted communications, a dedicated app like Signal is more ideal.
Conclusion
Facebook Messenger provides transit encryption for all calls and the option for end-to-end encryption through Secret Conversations. However, encryption is not enabled by default for Messenger calls. For full end-to-end encrypted calling on Messenger, users have to manually enable the Secret Conversations feature for each chat where they want enhanced security.
Third party apps like WhatsApp and Signal offer end-to-end encryption by default and may be a better choice if you regularly make sensitive calls. But Messenger can still be used in combination with these apps, using its Secret Conversations feature for any highly sensitive calls while relying on the third-party apps for fully encrypted communications by default.