> Has WhatsApp ever had a security leak that we know about?
I don't know of any, but I distrust anything Meta/FB/MZ does, out of principle.
I have more trust in iMessage, but it's incredibly tightly tied to Apple's devices (as far as I can tell, part of its security architecture relies on the hardware/SEP).
Signal (as a non-profit org) could have been a neutral third party everyone could feel safe to trust, but they've lost my confidence when they introduced support for cryptocurrencies - I can no longer trust their motives. It also does not offer any choice over some security/usability trade-offs (like syncing your chat history to a new device); I understand this is critical for e.g. whistleblowers, but a deal-breaker for many of the rest of us.
Yes, a bunch of them. I don't remember any of the years, but from the top of my head:
- Pegasus was installable via Whatsapp calls that didn't need to be installed, probably the most famous vulnerability with the largest impact
- Bunch of multimedia vulnerabilities that allowed attackers remote execution
- At least one huge database dump was released at some point