Why WhatsApp's end-to-end encryption is (or might be) fundamentally flawed

Disclaimer

I am not a lawyer or a cryptographer - the following article is based on my current, superficial knowledge in computer science, software licensing and a tiny bit of common sense. Please feel free to contact me if there is any wrong or misleading statement in this article.

TL;DR

Background

A couple of years ago, I decided to quit anything Meta-related, a rather hard move considering WhatsApp is the de facto standard communication tool in the country. Before then, I had already considered moving away from it because I was relying less and less on Big Tech infrastructure, but its propaganda^W privacy policy regarding its much-touted end-to-end encryption somehow kept me interested in using it, even if only for a few months more.

On my first attempt at ditching WhatsApp, I tried out several alternatives, from Telegram (such a dumb idea, in retrospect) to Tox, even doing some small collaborations on an Android client implementation of the latter. Unfortunately, Tox being a purely P2P network comes with a significant amount of complexity, issues, half-finished ideas and even missing features, so I needed to find a middle ground between the two. XMPP then seemed like a good tradeoff between user privacy, openness, federation and convenience.

Moving to XMPP therefore allowed me to use a truly open and decentralised protocol, with a wide spectrum of clients (of varying quality) available for most operating systems. These have been my daily drivers ever since:

Unfortunately, humans do not like moving out of their comfort zones, so most would not care to install another application on their smartphones just to contact me. Funnily enough, the same people see no trouble in carelessly downloading a privacy-intruding application from a Big Tech store and filling in all of their personal data, just to get a free food sample from a vending machine. 🤷️

Moreover, more often than not, one has to justify the use of such an esoteric tool and remind them why WhatsApp might not be as good as they think it is. I have had this conversation several times now, so I felt it was a good idea to share it on this website.

But WhatsApp uses end-to-end encryption!

Of course! This is what they clearly state everywhere inside their application, as well as in their privacy policy and marketing. Even their white paper describes in much detail how the encryption protocol works. It concludes with the following statement:

The Signal Protocol library used by WhatsApp is based on the Open Source license […] libsignal-protocol-java

Hold on, let’s pause here for a moment. libsignal-protocol-java is clearly licensed under GPLv3+, according to its project site. WhatsApp, on the other hand, is clearly an example of traditional proprietary software, since its source code is not even publicly available.

GPLv3-or-later + proprietary software = proprietary software?

Even if Big Tech benefits from^W^W loves open source software, they avoid copyleft licenses such as the GPLv3+ like the plague: Microsoft and Google, for instance, typically choose the more permissive MIT and Apache 2.0 licenses, respectively, as their default open source licenses. Unfortunately, these licenses allow them to write misleading or even false marketing for their users, such as the Visual Studio Code website stating that the product is “built on open source”, even though it is, in fact, proprietary software. But well, I guess that is for another article.

That said, Big Tech companies are not so stupid as to mix GPLv3-or-later-licensed code into their own proprietary applications, since they are well aware of the legal requirements behind this copyleft license.

But WhatsApp seems to be using exactly such a library. Are they actually that stupid? They even openly collaborated with its maintainer, Open Whisper Systems, so they must already be well aware of its copyleft licensing - it is just impossible that they missed this.

Well, let’s resume by reading the statement above again, with an added emphasis:

The Signal Protocol library used by WhatsApp is based on the Open Source license […] libsignal-protocol-java

The fact that it is based on libsignal-protocol-java does not mean it is libsignal-protocol-java.

So, is WhatsApp actually using the officially distributed version? Curiously, even Moxie Marlinspike himself avoided answering that question, eagerly closed the topic and locked the conversation to collaborators only.

Since he is apparently not willing to answer, this makes me think libsignal-protocol-java is, in fact, dual-licensed:

Dual-licensing is not that uncommon: some libraries (such as QCustomPlot or Xpdf) are offered under both copyleft and proprietary licenses - typically, the former is used by free software projects, while the latter is sold to for-profit companies for their proprietary software, which can usually afford to pay for the library, as a way of contributing back to the authors financially.

Actual consequences

Assuming everything said above is true, WhatsApp is then proprietary software running a proprietary library for end-to-end encryption. In effect, this gives them the power to modify anything in the library, without any of the changes ever being contributed back upstream or even made publicly available. That doesn’t sound great for a library that deals with user privacy.

Ultimately, this means WhatsApp and its end-to-end encryption implementation cannot be trusted, since it might not match the implementation provided by the upstream version of libsignal-protocol-java, which is the only one that can be publicly audited.

Does this mean WhatsApp’s end-to-end encryption is backdoored?

Possibly not. Well, today it might not.

Tomorrow? Who knows.

Tip: use a truly open and secure alternative, like XMPP or Matrix.