But the key exchange is not the issue then.
Access to private keys is.
If the host system, on which the key exchange runs, is compromised, you’re toast.
Where’s the private key? I can get a new phone, log in with WhatsApp and download all the historical messages without introducing any additional password or key.
I assume they have all the required data too.
@Railcar8095 @zergtoshi actually that is not my experience with WhatsApp: since I have the backups disabled, every time I change phones I lose all my conversations. But since WhatsApp is closed source, the app can indeed use encryption to communicate p2p, but I will always assume that the key is logged by Meta, “just in case”.
Sounds like a compromised phone in the sense that it doesn’t protect (and instead transmits) the private key.
That’s not the phone’s fault, but how WhatsApp works.
How is a phone not compromised if it hosts apps that play into the hands of evil actors?
It is not, unless the app can exfiltrate data from other apps.
I understand my threat model and how to limit exposure.