Conversation

Wow that is really bad. "If you're using a custom ROM or rooted phone, your [WhatsApp] messages won't be protected with end-to-end encryption."

Quote Tweet

Kilian

@kiliankoe

Aug 11, 2019

PSA: Using WhatsApp on a rooted Android device or running a custom ROM? No crypto for you. faq.whatsapp.com/en/android/260

Replying to

It's being misinterpreted. They're saying that their end-to-end encryption won't be able to protect people on alternative OSes, because they roll back many security features, break core parts of the security model and rarely ship full security updates even when available.

locked-mutex deallocator

Replying to

and

Maybe. That's probably what it means, but that's not what the words on the page say.

Replying to

and

No, not maybe. WhatsApp supports end-to-end encryption on other operating systems. This is a wording issue with their FAQ aimed at non-technical users. They aren't disabling end-to-end encryption on alternative OSes. It may be 2019, but there are still objective facts...

locked-mutex deallocator

Replying to

and

Well until their FAQ is no longer written in politician (write one thing and "mean" the opposite), that's not a sure fact. And I'd audit the code but it's closed source. Signal is better.

Replying to

and

Please stop spreading misinformation. The source code being unavailable does not mean that the code cannot be audited. It is also easily confirmed that this isn't the case. People spreading fake news like this need to stop. It's not okay. It's easy to make fact-based criticisms.

locked-mutex deallocator

Replying to

and

Explain "If you're using a custom ROM or rooted phone, your messages won't be protected with end-to-end encryption." This is misleading at best and needs to be rewritten. And yes it is possible to audit closed source software but it's far more work.

locked-mutex deallocator

Replying to

and

The reason I was saying I wouldn't audit the source to quickly confirm this claim is because I'd have to decompile the app and do a bunch of pointless busywork, all to prove something for an app I'd never use.

Replying to

and

The person making the claim doesn't have a basis for it beyond their clearly incorrect interpretation of the documentation. I'm quite aware of how WhatsApp functions on an alternative OS and I'm not a fan of that misleading documentation, but these incorrect tweets are worse.

Replying to

and

I have a problem with their misleading FAQ but I have far more of a problem with supposedly technical people (unlike whoever wrote / edited that FAQ) spreading clear misinformation that's even more harmful. I've had more than enough of outrage cycles based on fake news. Stop it.

Replying to

and

There is plenty to criticize about WhatsApp based on actual facts. This incorrect claim is harmful because it turns the misleading generalizations in the FAQ into something far worse. The FAQ is annoying in how they generalize / dismiss alternatives but look at what you're doing.

8:53 AM · Aug 12, 2019Twitter Web App