End-to-end encryption (E2EE) is a method of secure communication that prevents third-parties from accessing data while it's transferred from one end system or device to another.
In E2EE, the data is encrypted on the sender's system or device and only the recipient is able to decrypt it. Nobody in between, be they an Internet service provider, application service provider or hacker, can read it or tamper with it.
The cryptographic keys used to encrypt and decrypt the messages are stored exclusively on the endpoints, a trick made possible through the use of public key encryption. Although the key exchange in this scenario is considered unbreakable using known algorithms and currently obtainable computing power, there are at least two potential weaknesses that exist outside of the mathematics. First, each endpoint must obtain the public key of the other endpoint, but a would-be attacker who could provide one or both endpoints with the attacker's public key could execute a man-in-the-middle attack. Additionally, all bets are off if either endpoint has been compromised such that the attacker can see messages before and after they have been encrypted or decrypted.
The generally employed method for ensuring that a public key is in fact the legitimate key created by the intended recipient is to embed the public key in a certificate that has been digitally signed by a well-recognized certificate authority (CA). Because the CA's public key is widely distributed and generally known, its veracity can be counted on, and a certificate signed by that public key can be presumed authentic. Since the certificate associates the recipient's name and public key, the CA would presumably not sign a certificate that associated a different public key with the same name.
The first widely used E2EE messaging software was Pretty Good Privacy, which secured email and stored files, as well as securing digital signatures. Text messaging applications frequently utilize end-to-end encryption, including Jabber, TextSecure and Apple's iMessage.