[russell_h]

You're making my point: some Chinese Skype variant did this, back in 2009, and got caught.

There's just no way, in real life, for Facebook to add what you're describing to one of the most prominent messaging apps in the world without somebody noticing.

I'm not here to tell you that your WhatsApp messages are perfectly secure. If the CIA wants to read your messages they'll probably just hit you with the wrench instead of some FB exec. But I do think that transparency logs are deeply under-appreciated for their ability to make undetected mass-surveillance dramatically more challenging.

[mschuster91]

> There's just no way, in real life, for Facebook to add what you're describing to one of the most prominent messaging apps in the world without somebody noticing.

That assumes somebody is digging through each update and the thousands of classes. FFS the OG Facebook app was already blowing past the limits of Android in 2013 [1], and the current Whatsapp app isn't much better - just look at the current APK file:

    2023-04-12 11:38:58 .....      2578508      1171345  classes.dex
    2023-04-12 11:39:04 .....     13312588      6020223  classes2.dex
    2023-04-12 11:39:08 .....      7671448      3310145  classes3.dex
    2023-04-12 11:39:08 .....      2118352       945166  classes4.dex

25MB of already compressed Dalvik code, probably double that if you restore it to Java class files and triple to quadruple that in Java source files. It's impossible to audit that there is no routine pushing keys to, say, the usual analytics backend they use - and to make it worse, according to APKMirror, they push updates every few days [2].

Although my biggest question is... it's a fucking messenger app. Why does it produce a larger binary content than a full-blown Linux kernel?!

[1] https://engineering.fb.com/2013/03/04/android/under-the-hood...

[2] https://www.apkmirror.com/uploads/?appcategory=whatsapp

[qtzfz]

>Although my biggest question is... it's a fucking messenger app. Why does it produce a larger binary content than a full-blown Linux kernel?!

Because it does so much more than messaging. Also, UI code is generally very verbose.

[trifurcate]

Also, conversely, the kernel doesn't do that much. Most of the Linux kernel source consists of device drivers, which compile to modules rather than get bundled into vmlinuz. Many of these modules are also rarely built if ever. The kernel itself really is a pretty small fraction of the complete software bundle that makes a Linux system functional.

[mschuster91]

I know. But still, that amount of compiled code is insane.

[buran77]

> There's just no way, in real life, for Facebook to add what you're describing to one of the most prominent messaging apps in the world without somebody noticing

Your point moved from "key transparency is the defense" to "someone will notice". But if your defense is the hope of "someone noticing" you're in for a big surprise. Sometimes things go unnoticed. Look no further than OpenSSL, open source, used by billions, deployed by companies worth as much as small countries, and yet nobody noticed Heartbleed for years.

So I'll be very cynical that some development flag targeting a handful of people in an app like WhatsApp and then is removed will be so noticeable that it's a strong defense.

[palata]

I think you are trying to say "it's never 100% secure", and the parent agrees with you. The parent is just saying "this is making it more secure (but not 100% secure)".

[crote]

The trick is to push a modified version only to the few clients you want to attack. Use it sparingly and you won't get caught.

[palata]

Or just hack the phone of those few clients with another attack vector. Doesn't mean that security is entirely useless. It depends on the threat model.

[rvnx]

and most of all, do not forget the logfiles on an open server (it was their mistake, otherwise it would have been fine I think)