TL;DR: As the client applications of WhatsApp are closed-source, claims of end-to-end encryption cannot be validated. This invalidates the primary benefit of end-to-end encryption, that is, not needing to trust a third-party.
WhatsApp is an (extremely) popular messaging app, especially in Europe and outside the Apple ecosystem. It bills itself as “end-to-end encrypted”. It is my opinion that such marketing is deeply malicious and borderline incorrect. Due to WhatsApp’s client apps being closed-source, their claims of “end-to-end encryption” cannot be validated and so lack the primary benefit of end-to-end encryption in the first place – that is, not needing to trust a third party.
I installed WhatsApp recently,[1] so its claims of “end-to-end encryption” have been on my mind. This post is an attempt to articulate the issues I have with it, and ideally should be readable with or without a technical background / any experience with cryptography.
what end-to-end encryption is
For some background, let’s first discuss encryption. What is it?
Encryption is, generally speaking, the act of making some data only readable by certain parties. This is often done by giving those parties (users or clients, usually) a private key. This key can be shared between all authorized parties (in symmetric-key cryptography), or unique per-user (in public-key cryptography, with shared keys computed from a combination of private/public keys). Encryption is universally used in all modern computers, despite being previously classified as a munition (!!) by the United States of America up until 1996.
I’ll abstain from a walkthrough of any particular cryptosystems here, but there are many accessible and in-depth explanations out there on the internet. (These two are for RSA – a particularly widespread public-key cryptosystem and one subject to the mentioned export restrictions.)
Various encryption schemes have different tradeoffs along the axes of usability/speed and security/privacy. Many of those tradeoffs come in defining exactly who your authorized parties are. It is common / universal to encrypt traffic from web browsers to servers – this treats both the client web browser and the destination server as authorized parties, while treating the rest of the internet (including your ISP) as unauthorized parties, making traffic safe to bounce around. These authorized parties change depending on the setup – if someone sticks a server behind CloudFlare, for example, CloudFlare becomes the authorized party, capable of inspecting the content of traffic beyond just the destination hostname.
What we mean by end-to-end encryption (in the context of internet messengers) is that the authorized parties are only the users running client apps, and no one else. The server – normally treated as trusted for the purpose of web traffic and such – is considered untrusted. Message metadata may be passed along to ensure an encrypted message is delivered to the correct destination user (who can then decrypt it), but the servers of the messaging platform act much like ISPs with encrypted internet traffic – they can see where the traffic needs to go (and could snoop in wrt. that), but are not capable of inspecting the content of the message.
This end-to-end encryption has a concentrated weakness – the client app. While end-to-end encryption removes the need to trust the server (the most malicious action a server could take would be to drop the message), it relies on the client application to get encryption right. Encryption is often extraordinarily complicated, and even in the simple case is very very easy to mess up – small flaws like choosing the wrong pair of numbers or having an incorrectly randomized key can and do lead to the whole system cracking open.[2]
why i cannot trust whatsapp
End-to-end encryption means that if you trust the client apps, you don’t need to trust anybody else. Assuming your client is encrypting your messages correctly and managing your secret key safely, there is no way for a third party – whether that be WhatsApp, the government, or your seedy ISP – to listen in on the contents of your messages.[3]
However, we can’t make those assumptions for WhatsApp. The client apps for WhatsApp are closed-source.[4] There is no way to know their claimed implementation of “end-to-end encryption” is not backdoored (or even correct).[5] WhatsApp can hire third-party auditors all they like, but this changes nothing – this would merely shift the burden of trust, were it not for the fact that the code shown to the auditors need not even be the same code running on people’s devices.
The only way to trust a system claimed to be “end-to-end encrypted” is for a) the source code of the client apps to be publicly available, and b) the apps to be reproducibly buildable. The source code being public means that independent auditors and cryptographers can inspect it for correctness. The source code being reproducibly buildable into the apps allows for the guarantee that what’s running on your phone accurately reflects the provided public source. As neither of these is the case for WhatsApp’s client apps, WhatsApp’s apps are not trustable, and there is no way to know that WhatsApp is not reading all your messages.[6]
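What the reproducible-build check in (b) looks like in practice, as an added example that is not part of the original post or any project's own tooling: compare the APK pulled from a device against one you built from the public source, entry by entry, skipping the signing files that legitimately differ. The archives, file names and contents below are constructed sample data, and comparing decompressed content hashes is an assumption of this sketch; real verification tooling may be stricter.

```python
import hashlib
import io
import zipfile

# Signing files differ between a store release and a local build by design,
# because only the publisher holds the release key.
SIGNING_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF", ".MF")

def entry_digests(apk_bytes):
    """Map each non-signature entry name to the SHA-256 of its contents."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if name.startswith("META-INF/") and name.endswith(SIGNING_SUFFIXES):
                continue
            digests[name] = hashlib.sha256(apk.read(name)).hexdigest()
    return digests

def compare_apks(installed, rebuilt):
    """Return sorted entry names that are missing, extra, or differ in content."""
    a, b = entry_digests(installed), entry_digests(rebuilt)
    return sorted(n for n in a.keys() | b.keys() if a.get(n) != b.get(n))

def make_apk(files):
    """Build a constructed in-memory archive standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in files.items():
            archive.writestr(name, data)
    return buf.getvalue()

# Constructed sample data: what the public source compiles to.
SOURCE_BUILD = {
    "classes.dex": b"dex bytes compiled from the public source",
    "AndroidManifest.xml": b"<manifest/>",
}
LOCAL_BUILD = make_apk(SOURCE_BUILD)
# A release that matches the source, plus the publisher's signature files.
HONEST_RELEASE = make_apk({**SOURCE_BUILD,
                           "META-INF/CERT.RSA": b"publisher signature",
                           "META-INF/MANIFEST.MF": b"publisher manifest"})
# A release whose code does not match what the public source produces.
MISMATCHED_RELEASE = make_apk({**SOURCE_BUILD,
                               "classes.dex": b"dex bytes with an undisclosed change",
                               "META-INF/CERT.RSA": b"publisher signature"})

if __name__ == "__main__":
    print("honest release differs in:", compare_apks(HONEST_RELEASE, LOCAL_BUILD))
    print("mismatched release differs in:", compare_apks(MISMATCHED_RELEASE, LOCAL_BUILD))
```

An empty result means the shipped app matches the source you can read; any listed entry is code or data that nobody outside the publisher has been able to inspect.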
On Telegram
Telegram – another popular messenger – is actually better than WhatsApp here, with its clients all open-source and implementing a publicly-audited protocol. Telegram is pretty terrible on all other metrics though and I really can’t recommend it, primarily because end-to-end encryption is only available on a temporary opt-in basis (“secret chats”), but also because it’s a hub of scams and extortion and probably dumps all your metadata to the KGB.
Though on that last one, WhatsApp probably dumps all your metadata to the NSA, so…
Contrast this with another popular messaging application, Signal. Signal takes security and privacy very seriously.[7] The source code of their client apps and their servers are all publicly available, they are transparent about the metadata they retain & receive, and they obtain independent audits regularly. But a while back, Signal stopped updating the server source for about a full year, as they quietly worked on adding cryptocurrency and payment integration. I wasn’t very happy about this – being worried that cryptocurrency support would open them up to global regulation, and not being a huge cryptocurrency fan – but as far as security goes, it didn’t matter. They could have been doing anything with their secret server code during that time, and it wouldn’t have compromised the security of their system, because their client apps are open-source and reproducibly buildable.
I don’t trust WhatsApp. I also don’t trust Signal. But unlike WhatsApp, I don’t need to trust Signal. Their client app code is publicly available, and though I lack the technical expertise to verify its correctness myself, who I do trust are the independent community of cryptographers – who keep close eyes on Signal (being the flagship secure messenger), and who trust its implementation.
WhatsApp on the other hand… well, they’re fundamentally untrustable, so you have to take them on their word. And that’s just not something I’m willing to do. Their parent corporation, Facebook, is one of the least ethical tech companies out there – and for tech companies, that’s seriously saying something. And besides, WhatsApp’s security is a mess regardless[8] – being closed-source means having significantly fewer eyes on security-related code, and various backup features can easily undermine the whole deal anyway.[9]
So take WhatsApp’s claims with a hefty grain of salt, and if you’ve got any communication you’d rather Mark Zuckerberg / the United States government not see – consider using Signal.
[1] Internet messaging platforms – like all tech platforms, and like technology broadly, really – have serious social lock-in. I’m not a fan of WhatsApp, per this post. And I have some moral scruples about closed-source software writ large. But I need it to talk with linguistics and outdoor club friends and I’m not willing to let my principles cut me off from them :c
[2] For some fun reading, check out web3isgoinggreat – a warning about what happens when faith is put in buggy code.
[3] There is still plenty they can listen in on. Signal (discussed later) prioritizes minimizing metadata – information surrounding who talks to who, who sent what when, etc – due to this. But end-to-end encryption (done right) keeps the content of your messages secure.
[4] Contrast with open-source, which lets you make changes to programs / is fairly lenient on copyright; and source-available, which lets you view but not modify and distribute the source code.
[5] Technically, you can e.g. dump the Android APKs, and reverse engineer the application – but this is a monumental amount of effort and not a feasible way to get eyes on the code.
[6] Given what a huge scandal it would be were the existence of a backdoor to leak, the more likely scenario is more along the lines of some three-letter agencies having access to WhatsApp source code to dig for unpatched vulnerabilities. It seems quite unlikely that WhatsApp is reading all your messages to e.g. give to Facebook for ad targeting. Though – the point of this post is that they could be, and we don’t know!
[7] I’m critical of Signal on several grounds. Their desktop app sucks. They require a phone number to register. They don’t support custom emojis. But with security/privacy, yeah, they rock.
[8] Especially around metadata. It does not seem like any metadata is secure. This is not an issue for the security of the content of messages, but is an issue if you don’t want WhatsApp to know who you are and who you talk to.
[9] This is relevant for Signal, too. An (Israeli) fork of Signal called TeleMessage was (for whatever reason) also being used by the clowns in the United States federal government. This is why Signal is fairly aggressive about not wanting forks.