This is possible to do safely
In needs cooperation with the software vendors, but it can be done. Law enforcement officer gets a warrant and provides it to the app vendor. Vendor creates public/private keys and gives the LEO the private key. Then they send a stream of all the communications to the LEO, all encrypted with the public key. Once the warrant expires, the data stream stops.
This doesn't get them anything from the past just like a wire tap, and nothing once the warrant is over. Every warrant gets a new key pair so no one other than the LEO can decrypt the data. And no one gets a stream of the data from the app without the warrant starting the process. None of this is weakening encryption.
This would also work from any government using the same process assuming the app vendor is willing to work with other countries.