Very interesting observation. There probably still is encryption, but with keys available to Meta... Pretty crazy.
Undelivered WhatsApp messages sent to new device (design concern?)
[deleted]
ryrona After having set up the phone, many hours later, I installed WhatsApp again
The "public key" is kept on the server.
The "private key" is kept on the device.
This raises the following questions:
- How did the private keys survive a factory reset and a reinstall of the WhatsApp application?
- Are the private keys reproducible if the app is reinstalled on the same device?
- How does the private key generation algorithm work?
How Signal Instant Messaging Protocol Works (& WhatsApp etc) - Computerphile
https://youtu.be/DXv1boalsDI
I don't use WhatsApp, nor do I know how it works exactly, but isn't it feasible that after logging in to a new device, contacts' clients are notified and they then send undelivered messages to the new device using new keys? If I'm right, then it's less of an issue, but still not a good feature for people who use WhatsApp for sensitive communications.
To be extra clear, I'm just suggesting a possible explanation above without any knowledge or evidence that my suggestion is correct. I'm just trying to think of another explanation for why ryrona can get old messages.
Either way, I'm not sure this behavior is by itself evidence that WhatsApp messages aren't end to end encrypted. WhatsApp is one of the most popular messaging apps in the world. I think Meta would be caught if they weren't using E2EE.
GrapheneOS's official recommendations are Signal/Molly and SimpleX.
[deleted]
other8026 Either way, I'm not sure this behavior is by itself evidence that WhatsApp messages aren't end to end encrypted.
I don't think it brings into question whether or not the messages are end-to-end encrypted.
ryrona all messages that have been sent to me during the day are received, including some photos, and show up just fine in the app
This statement brings into question how the public and private keys are derived and whether or not they are randomly created or created using an algorithm that is repeatable.
End-to-end encryption is one thing. Key derivation is a totally different story.
[deleted]
ryrona
Ryrona, here is a test sequence for you to try.
Requirement
Two separate devices, each with a different phone number for WhatsApp. These devices will be referred to herein as Device 1 and Device 2.
Device 1: add Device 2's phone number as a contact.
Device 2: add Device 1's phone number as a contact.
Device 1: install WhatsApp.
Device 2: install WhatsApp.
Device 1: send a WhatsApp message to Device 2.
Device 2: send a WhatsApp message to Device 1.
Device 1: put in airplane mode with WiFi off.
Device 2: send a WhatsApp message to Device 1 and make a written note of the time sent.
Wait 5 minutes.
Device 2: send a WhatsApp message to Device 1 and make a written note of the time sent.
Wait 5 minutes.
Device 2: send a WhatsApp message to Device 1 and make a written note of the time sent.
Device 2: put in airplane mode with WiFi off.
Device 1: leave in airplane mode and factory reset the device.
Device 1: set up the device and install WhatsApp.
Device 1: if you are able to read the messages that were sent by Device 2, this would be a red flag.
Device 2 turn off airplane mode.
Are any messages delivered to Device 1 from Device 2 after turning off airplane mode on Device 2?
other8026 isn't it feasible that after logging in to a new device, contacts' clients are notified and they then send undelivered messages to the new device using new keys?
Yes, that's how it works: https://signal.org/blog/there-is-no-whatsapp-backdoor/
when communicating with a contact who has recently changed devices or reinstalled WhatsApp, it might be possible to send a message before the sending client discovers that the receiving client has new keys. The recipient’s device immediately responds, and asks the sender to re-encrypt the message with the recipient’s new identity key pair. [...] The WhatsApp clients have been carefully designed so that they will not re-encrypt messages that have already been delivered. Once the sending client displays a “double check mark,” it can no longer be asked to re-send that message.
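The flow the Signal post describes (a message encrypted to the old identity key, the reinstalled client asking the sender to re-encrypt, and the sender refusing once the message has been delivered), as an added Python model that is not WhatsApp's or Signal's code; the DH group, XOR keystream, message IDs and names are constructed stand-ins for the real protocol.

```python
import hashlib, os

P = 2**255 - 19; G = 5  # constructed toy DH group, only to make "encrypt to a key" concrete
def fp(pub):  # short fingerprint of an identity public key
    return hashlib.sha256(str(pub).encode()).hexdigest()[:8]

class Client:
    def __init__(self, name):
        self.name, self.peer_pub, self.delivered, self.outbox = name, {}, set(), {}
        self.rekey()

    def rekey(self):  # fresh identity keypair, as after a factory reset and reinstall
        self.priv = int.from_bytes(os.urandom(32), "big") % P
        self.pub = pow(G, self.priv, P)

    def _stream(self, other_pub, n):  # DH shared secret -> keystream (messages <= 32 bytes)
        secret = pow(other_pub, self.priv, P)
        return hashlib.sha256(str(secret).encode()).digest()[:n]

    def encrypt(self, mid, text, to_pub):
        self.outbox[mid] = text  # kept so a retry request can be honoured
        ct = bytes(a ^ b for a, b in zip(text.encode(), self._stream(to_pub, len(text))))
        return {"id": mid, "from": self.name, "from_pub": self.pub, "to_fp": fp(to_pub), "ct": ct}

    def receive(self, env):
        if env["to_fp"] != fp(self.pub):  # encrypted to a key this install no longer holds
            return {"retry": env["id"], "from": self.name, "new_pub": self.pub}
        pt = bytes(a ^ b for a, b in zip(env["ct"], self._stream(env["from_pub"], len(env["ct"]))))
        return {"ack": env["id"], "text": pt.decode()}

    def handle_retry(self, req):
        if req["retry"] in self.delivered:  # double check mark: never re-encrypt this one
            return None
        self.peer_pub[req["from"]] = req["new_pub"]
        return self.encrypt(req["retry"], self.outbox[req["retry"]], req["new_pub"])

def simulate():
    alice, bob = Client("alice"), Client("bob")
    alice.peer_pub["bob"] = bob.pub  # identity key learned in an earlier session
    ack = bob.receive(alice.encrypt(1, "old secret", alice.peer_pub["bob"]))  # Bob online
    alice.delivered.add(ack["ack"])  # message 1 now shows the double check mark
    queue = [alice.encrypt(i, t, alice.peer_pub["bob"]) for i, t in ((2, "plan B"), (3, "photo.jpg"))]
    bob.rekey()  # Bob wipes and reinstalls while 2 and 3 are still undelivered
    shown = []
    for env in queue:  # server hands the queued envelopes to the new install
        resent = alice.handle_retry(bob.receive(env))  # Bob cannot decrypt -> asks for re-encrypt
        shown.append(bob.receive(resent)["text"])
    refused = alice.handle_retry({"retry": 1, "from": "bob", "new_pub": bob.pub}) is None
    return shown, refused  # (["plan B", "photo.jpg"], True)
```

The undelivered messages reach the new install in the clear for Bob to read, which is exactly the exposure ryrona observed, while the already-delivered message cannot be pulled back out of the sender.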
I think the core issue here is that you are able to authenticate using just a phone number. If you go into WhatsApp Settings → Account, you can set a 6-digit PIN or Passkey to be used for logging in instead (just tried the Passkey and got an error though). That should be significantly more secure (in particular the passkey). Signal supports a PIN as well, but it can be a full passphrase if you like.
Titan_M2 Yes, that's how it works: https://signal.org/blog/there-is-no-whatsapp-backdoor/
Okay. That explains my observation totally. It is just that I didn't expect they would ask senders to resend already-sent but not-yet-delivered messages under new keys. Strictly speaking, that means some sensitive messages and media might get exposed without the sender knowing beforehand, only after the fact, so it seems like a very bad design choice. But since it is the design choice they have made, messages are still technically end-to-end encrypted between sender and recipient; just some might get exposed.