I have a question about WhatsApp. Of course we know that it’s owned by Facebook and that they get all the metadata (who talks to whom) and your address book’s phone numbers. But the messages themselves are end-to-end encrypted.
Question 1: Given that WA is closed source, is there any way to prove whether it’s actually end-to-end encrypted? I mean, from a business-logic standpoint, it should be, because if a whistleblower comes out it would be quite the scandal, and also because of stuff like Facebook telling the UK government that they’ll quit the UK market if the E2EE ban comes. But is there any technical way of proving it?
Question 2: Are the chat backups (Google Drive, iCloud) end to end encrypted by default? I know they used to be unencrypted (just “encrypted at rest” with Google/Apple having the keys) and then I think they wanted to add the possibility of E2EE but not sure if that really happened and if so, if it is optional or default?
Because if (1) can be confirmed and (2) is E2EE by default, then actually WhatsApp isn’t that bad of a product, as long as you only care about your messages and not the metadata. It would make WhatsApp better than SMS or unencrypted Telegram/Viber/Facebook Messenger chats at least.