[femto]

Does the WhatsApp program generate and store/mange the private keys? If so, it would be possible for the program to send private keys on request, effectively backdooring the endpoint. Such an arrangement would allow Meta to put its hand on it heart and truthfully say it is end-to-end encrypted (on the network), whilst still providing a way around it.

[lxgr]

Yes, but users can compare fingerprints (sure, most probably don't, but it's definitely a deterrence against MITMing all conversations by default), receive warnings whenever fingerprints change etc.

There's also supposedly a key transparency service deployed (similar to Certificate Transparency), but I haven't looked into that in detail.

[BenjiWiebe]

Sharing private keys gets around all that.

[lxgr]

That would require explicit code to do so, which would probably be extremely hard to explain away.

[gkbrk]

Are people publicly archiving, reverse engineering, and auditing every single version of Whatsapp?

Would you even know if you got a special copy of Whatsapp (still signed by Meta and valid) that has this explicit code?

[lxgr]

> Are people publicly archiving, reverse engineering, and auditing every single version of Whatsapp?

Absolutely for archiving: https://androidapks.com/whatsapp-messenger/com-whatsapp/old/

Reverse engineering to some extent as well – it's an extremely popular app, and as such attracts both security researchers and bloggers that just want to get scoops on new features behind feature flags etc.

> Would you even know if you got a special copy of Whatsapp (still signed by Meta and valid) that has this explicit code?

Given the above, it's feasible – at least on Android, it's fairly easy to hash the .apk you've received and compare it to publicly know versions.

The threat of somebody finding unusual code on their phone will probably not deter targeted deploys by sophisticated/state level actors to specific users, but it goes some way towards making it implausible that everybody is running a backdoored version, potentially backdoored by Meta themselves, which is arguably the goal.

[megous]

Yeah. Go review eg. okta verify apk and tell me it doesn't do anything nefarious. It's an app that basically just does a TOTP hash from some short secret for all I care/use it for. I can probably implement what it does for me in about 200-300 lines of C code without any dependencies.

The shit app has 60 MiB compressed. I was not even able to find where in the code it works with the damn secrets it uses for TOTP.

Now do WhatsApp with its zillion features.

If you mean that it's hard to explain away for the devs themselves, then people do much worse things in this world, and are able explain it to themselves just fine as something good, even.