[sufehmi]

3 years ago, my friend, an Indian fact-checker, showed me a screenshot of a WhatsApp screen, showing warning from WhatsApp that a message contains a dangerous link

This (the warning) is only possible if WhatsApp can read your messages

I'm guessing that they read your message on the app. So their claim (end-to-end encryption) is indeed true and correct.

But their app can and indeed has been reading your messages, for the past, at least, 3 years

Which I personally don't mind, when it's done fully automatically (no humans involved) and only for this kind of uses (to warn users of dangers)

[bonzini]

WhatsApp (the app) can obviously read the messages. It can hash the links and check them the same way that browsers do. It doesn't have to happen server-side.

[martinko]

While true, you're being very generous.

[bonzini]

It's how Google's safe browsing API works, so it's not unlikely.

[jannes]

Link previews are generated server-side, I think.

The app sends a request to a Facebook API for every link that you send/receive. Usually this returns the little image + text snippet that you see in the app, but obviously this could also return a message that the link is considered dangerous.

As a site owner you can probably see a request from a Facebook bot when a link to your site is shared on WhatsApp. (not sure how long they cache this)