Whatsapp has a huge share in this country, and mostly out of necessity, I use it on a daily basis. Which makes this study by the Heise security team in Germany all the more interesting. They MITM’ed a Whatsapp connection and concluded that indeed TextSecure’s end-to-end encryption was being used, as promised. But only on Android devices, not iOS devices. No word on the web interface. Can we all get on Telegram already?
“This seems to be the core problem with WhatsApp’s end-to-end encryption: You never really know if it is actually being used. Neither when sending nor when receiving messages with the official WhatsApp client is there any indication if E2E encryption is in place. Our lab tests only show that messages are encrypted in principle but that is not enough for dependable use in the real world. Even heavier weighs the fact that, as far as we know, WhatsApp has never committed to guarantee its users E2E encryption. E2E encryption with WhatsApp therefore remains a token effort.”