[_heimdall]

No not at all, its a universal risk since you have to trust the UI.

I should have been more clear there. Its interesting to me that I often see concerns over whether Facebook has encryption backdoors when the UI can do all the work.

[lxgr]

That's arguably still a backdoor, no?

At least I'd call an instant messenger that which claims to provide end-to-end encryption between conversation participants and then surreptitiously inserts itself as another participant.

However, something very active like that would be much easier to detect and prove than a "true" cryptographic backdoor that could possibly be explained away as an oversight in design or auditing.

[_heimdall]

Yeah I think that would fall into the backdoor category. My point was mainly that concerns over E2E encryption usually stop at the level of encryption and transmission.

If one really doesn't trust that Facebook isn't honest about how messages are encrypted and who has access to decrypt them, they also shouldn't use an app made by the same company that by design must have access to the decrypted text.