
I am 99% sure Meta/Facebook have secretly broken WhatsApp e2e encryption by adding a second key to all users.

I have security code change notifications enabled, and around November 4, 2021 a large number of my unrelated contacts suddenly had security code changes. There wasn’t any media reporting at the time, but I remember some others mentioning it on Reddit[0] (would love if anyone here can scroll back in their message history and look for security code changes around the same time - maybe we can finally shine some light on this).

Since then I have assumed they are flat out lying about the fact that “not even WhatsApp can read your messages” (direct quote from the iOS app).

Also note that both iMessage and WhatsApp strongly encourage you to enable iCloud backups, which are not e2e encrypted and readable by Apple (Apple only claim backups are “encrypted” and that messages are “e2e” encrypted):

https://www.rollingstone.com/politics/politics-features/what...

At least Apple are not flat out lying like Meta, but they are still being incredibly deceptive with their marketing.

Use Signal if you care about e2e encryption. Everything else is a marketing sleight of hand.

[0] https://www.reddit.com/r/whatsapp/comments/qm2ufw/security_c...



"Also note that both iMessage and WhatsApp strongly encourage you to enable iCloud backups, which are not e2e encrypted and readable by Apple"

-> That's not completely true (at least for WhatsApp): It is possible to enable an e2e encrypted backup right in the chat-backup menu.


You are right, I should have said WhatsApp messages are “not e2e encrypted by default”.

However, I still believe Facebook holds a second decryption key for all messages, which they rolled out along with their web access product as described above. So they are not e2e encrypted by any reasonable interpretation of the phrase.

I am not aware of any way to e2e encrypt iCloud backups, so the vast majority of “e2e encrypted” iMessage messages are readable by Apple.



