by CHY872 4188 days ago
I think a lot of people here have missed the point a little. It's very easy to subvert E2E encryption of this sort, because no WhatsApp user has any way of verifying that they're talking to another WhatsApp user beyond the WhatsApp servers saying so.

The actual apps could carefully perform the E2E encryption, but WhatsApp could easily MITM the data if (say) requested to by an outside agency, without the app being any the wiser.

It's impractical to verify - you'd have to have the source to WhatsApp's servers, guarantees their SSL keys haven't been compromised, etc. etc. etc.

1 comments

If WhatsApp integrated everything they had in the `Axolotl` [0] protocol specification, this wouldn't be the case. If WhatsApp attempted to MITM, they would have to know someone's private key (or break the crypto), which never leaves the phone, hence the E2E property.

[0] https://github.com/trevp/axolotl/wiki

It's always possible to MITM if you can't verify the signatures. No matter what they implement, the server can just relay messages back and forth.
You don't need to find someone else's private key. Just create your own private key and convince people to send stuff to it.
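
The disagreement in this thread comes down to whether the client authenticates the public key the server hands it. The sketch below is an added example, not part of the thread and not WhatsApp's or Axolotl's code: it shows that the key agreement succeeds whichever key is served, and that comparing key fingerprints out of band is what detects a substituted key. The `Directory` class, the user name and the toy Diffie-Hellman group are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, illustration only (assumption: not a vetted
# production group; real apps use X25519 or similar).
P = 2**255 - 19
G = 2

def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared(priv, peer_pub):
    """Derive a session key from our private key and a peer public key."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()

def fingerprint(pub):
    """Short digest two users can compare in person or by scanning a code."""
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()[:16]

class Directory:
    """Hypothetical key server mapping user names to public keys."""
    def __init__(self, substitute_pub=None):
        self.keys = {}
        self.substitute_pub = substitute_pub  # set when the server relays
    def publish(self, name, pub):
        self.keys[name] = pub
    def lookup(self, name):
        if self.substitute_pub is not None:
            return self.substitute_pub
        return self.keys[name]

def session(directory):
    """Alice fetches Bob's key from the directory; report what each side sees."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    directory.publish("bob", b_pub)
    served = directory.lookup("bob")
    alice_key = shared(a_priv, served)  # always succeeds, whoever owns `served`
    return {
        "a_pub": a_pub,
        "alice_key": alice_key,
        "keys_agree": alice_key == shared(b_priv, a_pub),
        # Out-of-band check: Bob reads the fingerprint of his own key off his
        # phone; Alice compares it with the key the directory served her.
        "fingerprints_match": fingerprint(served) == fingerprint(b_pub),
    }

honest = session(Directory())
relay_priv, relay_pub = keypair()
relayed = session(Directory(substitute_pub=relay_pub))
```

In the `relayed` run Alice's session key is one the relay can also derive, and nothing inside the protocol reports an error; only the fingerprint comparison comes back false.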