[daedalus_j]

I haven't actually looked into this, but I imagine it works the same way Apple's iMessage: He who controls key exchange controls everything. They don't need to "backdoor" the encryption if they can just add a new (invisible) device to your account that can read all your messages.

Alternatively they could just do it inside the app. Sure messages are e2e from user to user, but then the FB client app can package up the decrypted message and send it off to wherever they want.

A good rule of thumb: If it's not fully open source, it's not actually encrypted from the gov, only from your nosy neighbor. I wonder how long before Australia will go after Signal or Matrix for being actually unreadable to them. (presumably)