[stalf]

Even though I also find it very suspicious that WhatsApp keeps proactively badgering me about turning backup on, I don’t see how this could be exploited by Facebook as the messages are stored in iCloud and Google Drive which it can’t access.

[jononor]

Whatapps needs a Google Drive API token to write that backup, don't they? If so, surely they can read it using the same token?

[crtasm]

My assumption was that the data gets handed off to Google/Apple functions on your phone that handle backups. Could anyone confirm?

[nerflad]

Would there be any way for a user to see if/when the token has been reused? Doubtful but perhaps Google provides (or could provide) some kind of log similar to how Facebook lets you view Active Sign Ins and Sign In history.

[krageon]

Once it has been used, it is too late. This insight would therefore not be a solution to the problem.