How Do Messaging Apps Deliver Your Messages? Servers and End-to-End Encryption

5 min read

When you hit send in WhatsApp or iMessage, it feels like the message flies straight to the other person’s phone, but that’s not what actually happens. The message always passes through the company’s server. This one simple fact explains a surprising amount of messenger behavior: how checkmarks turn into read receipts, how messages from while your phone was off still arrive, and why some apps offer a separate “secret chat” mode. In this post, I’ll unpack that inner structure without any code.

Your message goes through a post office #

The basic structure of a messenger is a post office. The message you send first arrives at the messaging company’s server, where it’s stored, and the server delivers it to the other person’s phone. It’s not direct delivery but store, then deliver.

Why build it this way? Because the other person’s phone isn’t always on. Whether it’s airplane mode or a dead battery, the sender should be able to send even when the receiver isn’t there. With the server holding messages like a post office, the moment the other phone reconnects, it can deliver the backlog all at once. That scene where you step off a plane, turn on your phone, and messages come pouring in is proof of this structure.

Delivery splits into two paths depending on the situation. If the app is open, the message flows immediately through the connection already established between the phone and the server; if the app is closed, a push notification wakes the phone up. That subtle lag — where the notification arrives but the content only appears once you open the app — is the result of these two paths working together.

How read receipts work — receipts making the return trip #

WhatsApp’s checkmarks, iMessage’s “Delivered” and “Read,” KakaoTalk’s famous disappearing “1” — they all work on the same principle. At each stage of delivery, a receipt travels back the other way.

  1. My phone → server: a “sent” receipt — in WhatsApp, the first gray checkmark
  2. Server → their phone: a “delivered” receipt — the second gray checkmark
  3. They open the chat and read it: a “read” receipt — the checkmarks turn blue

So two gray checkmarks mean, precisely, “it reached their phone, but the read receipt hasn’t come back yet.” And these receipts are themselves messages that pass through the server. Read indicators, typing indicators, profile-change notices — almost everything you see in a messenger is small letters traveling through the same post office.

Multi-device, where the same conversation shows up on your phone and your PC, is an extension of this structure. Since the server holds the conversation, when a new device logs in, the server just delivers a copy to that device too.

Encryption in transit — an envelope, not a postcard #

Hearing that everything goes through a server might make you uneasy. Couldn’t your carrier, or someone on the same Wi-Fi, read your messages? The first defense against this is encryption in transit. The travel segments — from your phone to the server, and from the server to the other phone — are sealed in an envelope using the same principle as HTTPS. Intercept it along the way and you can’t read the contents.

But this approach has a clear limit. The envelope is opened and resealed at each segment. In other words, on the server, the content sits in a readable state. Regardless of whether the company actually looks, it structurally can, and the content can also be subject to lawful demands from investigators or exposed in a hacking incident. On many services, an ordinary chat stops at this stage.

End-to-end encryption — a letter even the post office can’t open #

The second level is end-to-end encryption (E2EE). It means the message stays locked from one end (my phone) to the other end (their phone): only the phones of the people in the conversation hold the keys. The server stores and delivers the locked letter but cannot open it. It’s a design that makes the content unreadable even to the company itself, so even under a hack or a legal demand to hand things over, all it can produce is a locked bundle.

How far E2EE reaches differs by messenger. Signal applies it to every conversation by default, and so do WhatsApp and iMessage. Other services, such as Telegram or KakaoTalk, keep regular chats at encryption in transit and offer E2EE as a separate opt-in mode, often called a secret chat. That difference is exactly why such a separate mode exists.

Then why not make everything E2EE? Because when the server can’t read the content, the things the company used to do for you get hard. Restoring past conversations to a new phone, server-side search, syncing chats across multiple devices — all of these convenience features run into the hard problem of “how do you move the keys safely?” The features missing from secret chat modes aren’t an oversight; they’re the price of the structure. It’s a trade between convenience and confidentiality.

What to take away #

Once you know the structure, you have a basis for judgment.

  • An ordinary chat on a service without default E2EE is encrypted in transit but readable on the server. That’s fine for everyday conversation, and it’s why such chats are rich in convenience features.
  • Truly sensitive conversations (ID photos, bank account details, and the like) belong in an E2EE mode — or better, not in a messenger at all. A photo, once sent, remains on the other person’s phone and in the server’s storage.
  • Look at backup settings with the same eye. If your chat backups go to the cloud without E2EE, the copy sits open even when the chat itself is locked. It’s worth turning on the encrypted backup option where it’s offered.

To sum up: messages don’t travel directly; they pass through the post office called a server, and a read receipt is just that receipt making the return trip. An ordinary chat seals only the travel segments in envelopes, while end-to-end encryption makes a letter even the post office can’t open. The next time you see a secret chat button, or an “end-to-end encrypted” banner at the top of a chat, I hope you’ll recognize exactly what it’s promising.

X