[muppetman]

People have sniffed the wire for the WhatApp client (on Android, towards another Android) and seen that it is encrypted.

But your point stands - there's no UI to indicate if it was secure or not and the code isn't open so you can't know for sure.

[ikawe]

I'm ignorant. How can you prove that it's encrypted in any meaningful fashion vs, say rot13?

[lovemenot]

We can disprove the existence of strong encryption with a wireshark, but cannot prove it.

Entropy of a rot13 message would be much lower than that of a properly encrypted channel. High entropy is not proof of "meaningful encryption", mind you, since a compressed rot13 or plaintext message would have high entropy too.

[aw3c2]

Encryption on the transport != end-to-end encryption if you consider the users as the ends. The encryption might very well just be from your device to WhatsApp.

[glogla]

Or it might be like with skype - where according to some report (I don't have link right now, sadly) the encryption is used mostly for obfuscating the protocol and to make building alternative clients harder, but it is give so small entropy pool that it's useless for security.