End To End Encrypted. But...

The FBI and other three-letter agencies are known for spying on people, often with questionable methods or without due process. This has been facilitated by the US counter-terrorism acts passed after 9/11, which gave law enforcement much greater visibility into the lives of US citizens*. That is why the following statement came as a surprise to privacy advocates:

Last week, the FBI warned iPhone and Android users to stop texting and to use an encrypted messaging platform instead**. The news made global headlines, with cyber experts urging smartphone users to switch to fully secured platforms—WhatsApp, Signal, Facebook Messenger.

Source: Forbes

Nonetheless, we in Mauritius had the entertainment of seeing highly confidential and sensitive phone calls between politicians being leaked online by a certain Missier Moustass. The catch is that some of these calls were made over the supposedly end-to-end-encrypted (e2ee) WhatsApp app.

At this point, I'll briefly explain e2ee for the not-so-technical people. Imagine you have a box. You put your message in this box and lock the box. Only the recipient has the key to open this lock. This means that if the postman delivering the box wants to take a peek, they cannot, as they do not have the appropriate key. The two parts of the encryption routine (the lock and the key) are held by the WhatsApp app on each device.

How can you bypass this e2ee to listen in on phone calls, as was the case in the Moustass Leaks? Well, the locked box itself is passed safely between the apps. But on the receiving end, you still have to unlock the box to read the contents of the message (or hear your part of the call). And that's where you get spied on: unbeknownst to you, there's a little spy sitting on your shoulder reading everything that comes out of that box!

This little spy could be in the form of a microphone in the room listening to you talk and listening to the phone's speaker, as old spy movies demonstrated. Or it could be a virus which is listening in through the microphone you carry around with you everywhere - the one on your phone. In the case of messages, it could be malware which takes screenshots of your screen and then uses Optical Character Recognition to extract the text.

Bottom line, while e2ee protects you from any middlemen spying on you, it doesn't protect you against exploits or other vulnerabilities outside of the app. As such, the FBI went on to advise more precautionary measures to minimise the risk of your conversations being listened in on:

"use a cell phone that automatically receives timely operating system updates, responsibly managed encryption and phishing-resistant MFA for email, social media and collaboration tool accounts"

* This is why laws and bills promising better internet "safety", such as the Kids Online Safety Act are (rightfully) opposed.
** Contrary to popular belief, your calls and messages over a mobile network (mtml, emtel, myt) are unencrypted.