An international group of plaintiffs is suing Meta, alleging that WhatsApp’s end-to-end encryption isn’t actually private. Lawyers are asking the court to certify a class-action.
It is, though. Think of it this way. You are a spy, and you are communicating with someone over Signal. Signal is e2e. The person you are talking with doesn’t know you are a spy. They’ve verified that Signal is working, and yet their secrets keep getting out. They go to law enforcement and say “they’re a spy” and you say “no I’m not, it’s e2e, nothing could have been getting out!”
If you can read the text on the screen, then it’s past the point of e2e. e2e is just about transmission. It has nothing to do with the endpoints.
In this case Meta can utilize iOS App Groups, which allow applications by the same company to access shared data. So imagine the easiest-to-understand scenario.
You get a message on WhatsApp. Your Operating System takes a screenshot of the message, and sends it off to the FBI. Nothing has broken e2e here. Your OS can’t be trusted (in this example).
Now let’s expand it:
Nothing has broken e2e here. The client can’t be trusted, so no matter what you do, e2e doesn’t have to be broken, since the company is untrustworthy. They can claim e2e, implement fully working auditable e2e, and still exfiltrate your data.
Of course, WhatsApp probably isn’t taking screenshots. They can just save off the text after they decrypt it (even if they use the Signal protocol).