In the context of privacy, you can pretty much assume every black box is compromised. With Telegram this black box is the server (the client is open source); with WhatsApp, it's the client. I suppose there are threat models where WA still wins, but knowing it's owned by Meta, I have a hard time imagining what such a threat model would look like.
Is the WhatsApp client really a black box? APKs are fairly straightforward to decompile back to Smali or a reasonable approximation of Java, or people on rooted devices can hook it with Frida. Of course source code would be better, but it would be pretty brazen to stick a backdoor in an app store release. App versions for popular apps get archived by numerous third-party sites, so even a temporary backdoor in one specific version would be archived forever. That would be putting their reputation and billions of dollars on the line.
Non-E2E with black box server code like Telegram is far more concerning, in my opinion. With a system like that, it would be trivial to backdoor and leave behind no evidence after the fact.
shiomiru|3 years ago
pseudo0|3 years ago