by MyNameIsFred 3440 days ago
I do not see this as an actual rebuttal to the idea of it being a backdoor. The article makes two points:

1. Ultimately, verification falls to the user, so even in a secure system, user error, misunderstanding, and/or laziness can result in becoming compromised
2. Clients can lie to us anyway

The point about this "backdoor" business is that the WhatsApp client does not even give the user the chance to even make a mistake of skipping or mis-executing validation. Instead, it will just make that mistake FOR you, every time, for your convenience!

That utter failure of design, and breach of trust, enables a remote actor (the WhatsApp servers) to access secure data. So yes, it is a "backdoor".

1 comment

The 'remote actor' could always do this though, as there is another 'backdoor', that you and I call the App Store/Play Store, whereby Facebook can push whatever updates they please - including one that could send your decrypted messages back to Facebook - without you knowing, as WhatsApp is closed source.