For open source messengers, you can check whether they actually encrypt your messages and whether the server has access to your encryption keys but what about WhatsApp? Since it’s not open source, you can’t be sure that the encryption keys aren’t sent to the server, right? Has there been a case where a government was able to access WhatsApp chats without reading them from the phone itself?
It’s not enough to have it be E2E-encrypted; E2E means nothing if the decryption keys are not stored locally.
And aren’t they?
They are not.
As far as I know the private keys are kept on the device and the app generates them. That’s how Signal protocol works afaik. Do you have something to show that it’s not the case for WhatsApp since stuff I searched for seemed to claim that’s the case.
So, I looked it up and according to the official Whatsapp FAQ, the keys are indeed stored locally.
Still, considering WhatsApp is owned by Facebook, I wouldn’t trust them. Their whole business model has always been about harvesting as much data as they can. I wouldn’t be surprised if this turns out to be a total lie.
For sure they’re not trustworthy and can’t really verify either since it’s proprietary app. But I mean more that unless they’ve specifically made some changes, the keys are stored locally. And afaik we don’t really know of cases proving that they are lying about that.
Fair enough, I guess. Still, in my honest opinion, it’s not worth it. They’ve already long since betrayed my trust, so they could say the sky is blue and I still wouldn’t trust them. Lol.