4

As a follow up to Whatsapp encryption keys discussion and from WhatsApp security whitepaper, it seems that most of the components to a fully secure end-to-end encryption are already there but what seems to be lacking is a fully trusted open-source client that does not secretly transmit private keys to the server.

Not claiming WhatsApp client does it, but we would never know unless the client is open source.

I'm wondering if it's possible, with the current information that's available from WhatsApp or are there still any proprietary missing piece that is stopping us from building that?

Community
  • 1
uzyn
  • 149
  • 5
  • 1
    There's a reason why competitors with more openness around their protocol have been created. [Telegram](https://telegram.org/), for instance, is open source, has an openly available API and [runs contests](https://telegram.org/blog/cryptocontest) in which you can win large amounts of money ($300,000 in the most recent contest) if you can break their encryption. Rather than trying to make WhatsApp something it's not against the wishes of its owners (transparent and open), I recommend switching to an alternative that is, if those are things you value. – Alex Apr 08 '16 at 09:38

1 Answers1

2

The last position that I heard from WhatsApp is that they won't be offering a public API.

http://www.programmableweb.com/news/whatsapp-will-not-release-public-api/2015/03/30

Until they do, that's a huge sticking point. Unless of course they open sourced their own client...

Nathan
  • 812
  • 6
  • 12
  • The security whitepaper seems to have described a lot of the protocols, just wondering if it's technically possible for any 3rd parties to create a 3rd-party client? – uzyn Apr 08 '16 at 08:03
  • 1
    Probably fairly impossible to do it without WhatsApp noticing - if you mean effectively reverse-engineering their private api. If they don't want someone to do that, they can then easily break the 3rd party client while keeping their client working (it's a private API, so obviously it's their right to change it as they see fit) So, unless WhatsApp gives you their blessing, you're never going to have a client that's as reliable as the real thing. – Nathan Apr 08 '16 at 08:15