This is something people are just not talking about for some reason.
WhatsApp/signal style apps cannot be secure to this sort of attack. You would think now that a public mass attack has been successfully carried out (encrochat) people would get it. I don't know if it's submarine marketing or what but people think the current situation is just fine.
Your contacts weren't known to the WhatsApp server, now they are. There's no reason the next automatic update for signal can't contain code to send your keys to the server, and it wouldn't be the first centralized E2EE app to do that.
The backups are an interesting thing that you bring up. The cynic in me cant help thinking that even as companies posture about being pro privacy, they do design features in a way where they can subvert privacy with plausible deniability.
For instance the move away from screen passwords to biometric things like fingerprints had me thinking about the fact that from a police pov - if they have a suspect in custody, forcing the suspect to put their thumb on the phone is probably a lot easier than getting them to reveal their password.
Phrased another way, I find it hard to imagine that big companies are able to tell the state to take a hike and get away with it.
Which is why I have been very wary on why almost the entire industry has moved to biometrics. In a way its a cheap way of throwing the privacy gauntlet back to the user rather than standing up to governments.
If they are claiming E2EE then they can't admit anything like this if they are to avoid having to produce message content to law enforcement. So for this debate it doesn't much matter if the E2EE is actually bogus.
Are you sure?
You seem to be suggesting the Facebook could instruct whatsapp on my phone to snoop on my messages.
Also my backups of Whatsapp are only on google drive as far as I know.
WhatsApp/signal style apps cannot be secure to this sort of attack. You would think now that a public mass attack has been successfully carried out (encrochat) people would get it. I don't know if it's submarine marketing or what but people think the current situation is just fine.