Why E2E Encryption Isn’t Optional, It’s a Medical and Ethical Imperative (And Why Most Local Apps Are Failing)

By Dr. Hamza Mu| Full-Stack Developer | Digital Health Consultant

Let me start with something I’ve said more times than I can count, if your messaging app doesn’t have end-to-end encryption (E2E), it’s not secure. It’s just a digital diary waiting to be read.

I’ve reviewed over 15 local tech apps in the past year, including healthcare apps, from patient portals to clinic communication platforms. And here’s what keeps me up at night: most of them store messages in plain text, accessible directly from the database. No encryption. No keys. Just raw data, like leaving your medical records on a public bulletin board.

Yes, even in “closed” systems. Even if you’re only chatting between doctors and nurses within one hospital network. The moment someone gains access, whether through a misconfigured server, an insider threat, or a simple phishing attack, every message is exposed.

And that’s not just bad design. That’s a breach of trust. And in healthcare? That’s a violation of ethics.

What Is End-to-End Encryption (E2E), And Why It Matters More Than Ever

End-to-end encryption means only the sender and recipient can read the message. Not the app developer. Not the cloud provider. Not the system admin. Not even the database owner.

Here’s how it works:

1. You type a message.
2. Your device encrypts it using a key only your phone knows.
3. The encrypted message travels through servers, but looks like random gibberish.
4. Only the recipient’s device, which holds their private key, can decrypt it.

No decryption happens on any server. No backdoor. No logs. No snooping.

This isn’t theory. This is how Signal, WhatsApp (for messages), and ProtonMail work. And yes, we’ve talked about these open-source apps in our community forums. They’re doing it right. They’re built on principle. And they’re proving that privacy isn’t a luxury, it’s a baseline.

EteSync is an encrypted E2E sync and backup tools for your data

Secure and end-to-end encrypted personal information sync for Android, the desktop and the web. Currently supports calendars, contacts and tasks (using OpenTasks), with more on the way.

MEDevel.com | Open-source Apps for Healthcare and EnterpriseHazem Abbas

Top 13 Open source Messengers with End-to-end Encryption

Open source Messengers with End-to-end Encryption for Android and iOS (iPhone)

MEDevel.com | Open-source Apps for Healthcare and EnterpriseHazem Abbas

Why E2E Encryption Is Non-Negotiable in Healthcare

As a doctor who also builds digital tools for clinics, I see this every day:

• A nurse sends a quick note: "Patient X has elevated BP, check before next shift."
• A doctor shares lab results with a specialist: "Suspected sepsis. Need ICU consult."
• A patient texts: "I’m feeling dizzy after meds, can you call me?"

These aren’t just messages. They’re clinical decisions in motion. They contain sensitive personal health information (PHI). In many countries, this falls under HIPAA, GDPR, PIPEDA, or national health privacy laws.

But here’s the kicker: even if your app complies with regulations, it’s still vulnerable without E2E encryption.

Because compliance ≠ security.

Just because you say “we follow HIPAA” doesn’t mean your database isn’t readable by anyone with admin access. Or worse, a hacker who exploits a weak API endpoint.

With E2E encryption:

• Doctors can communicate freely, knowing no one else can see their notes.
• Patients feel safe sharing symptoms or concerns.
• Clinics avoid costly breaches and reputational damage.

And let’s be honest, when a patient says, “Can I trust this app with my health?”, the answer should be yes. But how can it be, if every message is stored as plaintext?

Secure your messaging with Dino: An End-to-End encryption chat client for Linux and macOS

Dino is a privacy-focused lightweight open-source messenger for Linux desktops. It supports end-to-end encryption out-of-the-box via OMEMO or OpenPGP encryption. In addition to its strong encryption, Dino allows the user to disable read and typing notification either globally or for specific contacts. Currently, Dino offers several distribution packages for all

MEDevel.com | Open-source Apps for Healthcare and EnterpriseHazem Abbas

Why Users Should Demand E2E Encryption (Even If They Don’t Understand Tech)

You don’t need to know cryptography to care about privacy. You just need to care about being seen, and not exploited.

Imagine this:

You send a message saying, "I think I might have depression, I haven’t slept in days."
That message sits in a database, searchable, readable, exportable… by anyone with access.

Now imagine it’s encrypted so only you and your therapist can read it.

That’s power. That’s dignity.

And when users demand E2E encryption, they’re not asking for “extra features.” They’re demanding respect.

So if you're a patient, a caregiver, or a healthcare worker, ask the developers: “Is my message encrypted end-to-end?”
If they say “no,” or “we’ll add it later,” walk away.

You deserve better.

Etebase simplifies building encrypted apps for GDPR, HIPAA, CCPA, and FERPA compliance.

Etebase is a secure, end-to-end encrypted, and privacy-respecting sync solution for contacts, calendars, tasks, and notes. It is easy to use, open source, and seamlessly integrates with existing apps. Etebase is an end-to-end encrypted backend that simplifies building encrypted applications. It offers features like end-to-end encryption, revision history, easy sharing,

MEDevel.com | Open-source Apps for Healthcare and EnterpriseHazem Abbas

The Real Benefits of E2E Encryption (Beyond Privacy)

And yes, I’ve personally audited several open-source apps that implement E2E correctly. They’re not perfect, but they’re trying. And that matters.

Most local apps? They’re built on outdated assumptions: “We’re internal. We’re trusted. We don’t need encryption.” That mindset is dangerous, and outdated.

PGP Encryption for Linux Users: Why It Matters and How to Use It!

What is PGP? PGP (Pretty Good Privacy) is an encryption program that provides cryptographic privacy and authentication for data communication. It’s widely used to secure emails, files, and other forms of digital communication. Created by Phil Zimmermann in 1991, PGP combines symmetric-key and public-key cryptography to ensure messages can be

MEDevel.com | Open-source Apps for Healthcare and EnterpriseHazem Abbas

Final Thought: Security Starts With Design

Encryption isn’t an add-on. It’s not a “nice-to-have” feature. It’s a foundational layer, like clean water or sterile gloves in medicine.

If you’re building a health app, ask yourself:

• Who owns the data?
• Who can access it?
• Can it be intercepted?
• What happens if the database is leaked?

If the answers make you nervous, then E2E encryption isn’t optional. It’s mandatory.

And as someone who wears both the white coat and the developer’s hoodie, I’ll say it again:

If your messaging system doesn’t use end-to-end encryption, you’re not protecting patients. You’re exposing them.

Let’s stop building apps that look secure but aren’t. Let’s build systems that are secure, from the ground up.

Because in healthcare, privacy isn’t a feature. It’s a promise.

P.S. If you're a developer reading this: start with E2E. Use libraries like libsodium, Matrix’s Olm/Double Ratchet, or Signal Protocol. Open-source communities are ready. The code is there. The tools exist. The responsibility is yours.

And if you’re a clinic leader or business owner: demand it. Ask your vendor: "Is my messaging encrypted end-to-end? Can I verify it?" If they can’t answer, find someone who can.

Together, we can build health tech that’s not just functional, but ethical.

Written with care, by a doctor who believes technology should heal — not harm.