- Edited
This is odd. At least I believed WhatsApp when they said all messages and media is end-to-end encrypted using the Signal protocol, and that not even WhatsApp themselves can read them.
WhatsApp's end-to-end encryption is used when you chat with another person using WhatsApp Messenger. End-to-end encryption ensures only you and the person you're communicating with can read or listen to what is sent, and nobody in between, not even WhatsApp. This is because with end-to-end encryption, your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. All of this happens automatically: no need to turn on any special settings to secure your messages.
https://faq.whatsapp.com/820124435853543
That is on their website, but there are numerous places in the app that tell the same. I mean, it is an proprietary app so we don't really know, and have to trust their word on it, and the app is developed by Meta, a company not exactly well-known for privacy. But I was still shocked by this.
I shut down the phone the usual way. Then I entered bootloader mode and factory defaulted the device from there. After having set up the phone, many hours later, I installed WhatsApp again. It asked me for my phone number, then I input the verification SMS code I got, and poof, all messages that has been sent to me during the day are received, including some photos, and shows up just fine in the app. All I entered, all the app knows, is my well-known publicly available mobile phone number. I mean, if there is any encryption at all, it is derived from my phone number.
This is the biggest scam ever. Or maybe not, but I was still shocked.
Bottom line, messages and media in WhatsApp chats, both 1:1 chats and group chats, are not encrypted at all, contrary to what WhatsApp UI and their website says. There is zero encryption.