
I have been learning the famous "Signal messaging protocol".
It's brilliantly designed and perfectly secure, but I have doubts about its implementations.

Famous messenger services like WhatsApp and Signal claim to have implemented the e2e messaging protocol for message privacy, but where are the private keys (of users) stored?

I am pretty sure that the private key isn't stored on the user's device, because I tried sending a few messages from device "A", switched it off, installed the same app on another device "B" and logged in with the same account. If the private key had been stored on device "A", then I must not be able to read the messages from device "B" which I had sent through device "A", but I was able to!

So it's pretty obvious that the private keys too are stored in the app's cloud.

If the messaging service provider too had access to the private key, then they could read any sort of information transferred between me and the receiver through the app.

And WhatsApp claims the following in their Signal protocol implementation:


Are their claims true?

Just curious. I am a beginner, please correct me if my interpretation is wrong.

  • Does this answer your question? [Does Whatsapp change key when switching phone?](https://security.stackexchange.com/questions/197529/does-whatsapp-change-key-when-switching-phone), [Whatsapp encryption keys](https://security.stackexchange.com/questions/119636/whatsapp-encryption-keys), [How does end to end encryption work with whatsapp web?](https://security.stackexchange.com/questions/119552/how-does-end-to-end-encryption-work-with-whatsapp-web). – Steffen Ullrich Apr 06 '20 at 16:22
  • I am highly suspicious of sentences like *"truly secure"* or *"perfectly secure"*. What does that mean? Security against what? Security against who? I assume the "what" is reading your messages, and maybe impersonating your friends. The "who" is the service provider / cloud hosting provider? Or a hacker who has root access to your phone? Or an attacker who has placed a backdoor in the Signal app? Asking *"Is this secure?"* does not mean anything unless you tell us what / who you are trying to protect against. – Mike Ounsworth Apr 06 '20 at 16:59
  • Your link to "signal protocol implementation" gives me *"URL signature expired"*. Can you fix the link? – Mike Ounsworth Apr 06 '20 at 17:03
  • [Is Signal still more secure than WhatsApp?](https://security.stackexchange.com/q/139493/86735) – kelalaka Apr 06 '20 at 20:21
  • From [Does Whatsapp change key when switching phone](https://security.stackexchange.com/questions/197529/does-whatsapp-change-key-when-switching-phone), I understand that WhatsApp doesn't encrypt the chat data backup in the cloud. What about the Signal Messenger app? – Chidhambararajan NRM Apr 07 '20 at 06:59
  • Who did you send messages to? You can't send a message to your own number in WhatsApp. – defalt May 27 '20 at 15:55
  • When sending a message from device A to someone, this message is also sent to all of your other devices that you have previously added. This is important as the other devices also have to be aware that a message was sent to step the encryption ratchet forward to be able to send encrypted messages in the future. – Gamer2015 Dec 28 '21 at 21:02

3 Answers


WhatsApp has a known security design loophole.

The private keys are indeed stored on the user's device. When you install WA on device B, you will be taking ownership of your account again.

At this point, it's not possible to decrypt messages sent to phone A. Unless...

For user experience reasons, WhatsApp will actively re-encrypt and re-send undelivered (one-checkmark ✔) messages to device B with the newly created keys. This is known as the resend vulnerability.

WhatsApp asserted the key retransmission process is a design decision — intended to minimize the risk of messages being lost in transit when, for example, someone gets a new phone or swaps out their SIM.

To explain, the following happens. Please note that there is some simplification:

  1. Alice sends text to Bob, who is offline
  2. In order to do so, Alice gets Bob's public key from WA server. Specifically, she obtains a set of keys to use in the future
  3. Alice sends WA the encrypted messages and obtains the first check
  4. Charlie pwns Bob's account, and notifies WA server
  5. WA still has messages pending from Alice that can't be decrypted by ~~Bob~~ Charlie, so it informs Alice
  6. Alice will pull the new keys for ~~Bob~~ Charlie. Since Alice has only one checkmark (message sent but not delivered), she assumes Bob never read those messages.
  7. Without user confirmation and before asking for additional identity checks, Alice re-encrypts and re-sends the messages to ~~Bob~~ Charlie
  8. ~~Bob~~ Charlie downloads the new messages encrypted with Charlie's public keys
  9. Alice gets the double checkmark (or even blue, if ~~Bob~~ Charlie allows)

However, it happens only for undelivered messages. It means that an attacker capable of taking control of the user account (e.g. SIM swap) is then capable of reading all undelivered messages but not the chat history.

usr-local-ΕΨΗΕΛΩΝ
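Simulation of the resend behaviour described in this answer, added here as an example that is not part of the original answer or of WhatsApp's code: it models the one-checkmark state, the key change after an account takeover, and contrasts the automatic re-encryption with a client that holds undelivered messages until the user confirms the new safety number. `Server`, `Client`, `simulate` and the sample keys are constructed for the example; the key agreement itself is replaced by a stand-in.

```python
import hashlib
# Toy stand-in for Signal's key agreement: ciphertext (recipient_pub, text) opens only for
# the holder of the private key behind recipient_pub; the real cryptography is out of scope.
def pub_of(priv: bytes) -> str:
    return hashlib.sha256(priv).hexdigest()

class Server:
    def __init__(self):
        self.identity = {}   # phone number -> current identity public key
        self.pending = {}    # phone number -> ciphertexts not yet fetched (one checkmark)
    def register(self, number, pub):
        self.identity[number] = pub          # re-registering replaces the old key
    def fetch(self, number, priv):
        queue = self.pending.setdefault(number, [])
        mine = [c for c in queue if c[0] == pub_of(priv)]
        self.pending[number] = [c for c in queue if c not in mine]   # delivered: 2nd checkmark
        return [text for _, text in mine]

class Client:
    def __init__(self, server, require_verification):
        self.server, self.require_verification = server, require_verification
        self.peers, self.outbox = {}, {}     # trusted key per peer; ciphertexts sent per peer
    def send(self, to, text):
        ct = (self.peers.setdefault(to, self.server.identity[to]), text)
        self.server.pending.setdefault(to, []).append(ct)
        self.outbox.setdefault(to, []).append(ct)
    def on_key_change(self, peer, user_confirmed=False):
        """Server reported that pending messages don't match the account's current key."""
        if self.require_verification and not user_confirmed:
            return 0                         # hardened: wait for a safety-number check
        new_pub = self.peers[peer] = self.server.identity[peer]
        queue, resent = self.server.pending.setdefault(peer, []), 0
        for ct in self.outbox.get(peer, []):
            if ct in queue:                  # still undelivered (one checkmark)
                queue.remove(ct)
                queue.append((new_pub, ct[1]))   # re-encrypt to the new key, no user prompt
                resent += 1
        return resent

def simulate(require_verification, user_confirmed=False):
    """Returns the texts readable by whoever now holds the account's key (Charlie)."""
    server = Server()
    bob_priv, charlie_priv = b"bob-secret", b"charlie-secret"   # constructed sample keys
    server.register("+bob", pub_of(bob_priv))
    alice = Client(server, require_verification)
    alice.send("+bob", "history: already read by Bob")
    server.fetch("+bob", bob_priv)                    # Bob reads it: two checkmarks
    alice.send("+bob", "pending: one checkmark")      # Bob is now offline
    server.register("+bob", pub_of(charlie_priv))     # account takeover (e.g. SIM swap)
    alice.on_key_change("+bob", user_confirmed)       # server informs Alice of the new key
    return server.fetch("+bob", charlie_priv)
```

In both configurations the already-delivered message never reaches the new key holder, which matches the answer's point that only undelivered messages are exposed.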

According to Durov, CEO of Telegram:

A few months ago I wrote about a WhatsApp backdoor that allowed hackers to access all data on any phone running WhatsApp [1]. Facebook, its parent company, claimed at the time that they had no proof the flaw had ever been used by attackers [2].

Last week it became clear that this backdoor had been exploited to extract private communications and photos of Jeff Bezos – the richest person on the planet – who unfortunately relied on WhatsApp [3]. Since the attack seemed to originate from a foreign government, it is likely that countless other business and government leaders have been targeted [4].

In my November post, I predicted this would happen [5]. The United Nations now recommends its officials remove WhatsApp from their devices [6], while people close to Donald Trump have been advised to change their phones [7].

Given the gravity of the situation, one would expect Facebook/WhatsApp to apologize and pledge not to plant backdoors in their apps going forward. Instead, they announced that Apple, not WhatsApp, was to blame. Facebook’s vice president claimed that iOS, rather than WhatsApp, had been hacked [8].

If you follow my blog, you know I am not exactly an Apple fanboy [9]. iOS devices have loads of privacy-related issues. But this was not one of them – for two reasons:

  1. WhatsApp’s “corrupt video” vulnerability was present not only on iOS, but also on Android and even Windows Phone devices. Meaning, on all mobile devices with WhatsApp installed.

  2. This security fault was not present in other messaging apps on iOS. Had Jeff Bezos relied on Telegram instead of WhatsApp, he wouldn't have been blackmailed by people who compromised his communications [10].

Consequently, the issue was not iOS-specific, but WhatsApp specific.

In their marketing, WhatsApp uses the words “end-to-end encryption” as some magic incantation that alone is supposed to automatically make all communications secure [11]. However, this technology is not a silver bullet that can guarantee you absolute privacy by itself.

Octupos

Disclaimer: This is from memory, I have not looked this up. Maybe if I have time later today, I will come back and update this answer.

I don't believe that the behaviour that you're seeing necessarily means that private keys are stored on the cloud; it could also mean that new devices are automatically sent the chat history from other devices.

The mental picture I have of the Signal protocol is that every chat has a symmetric AES key. Each device has its own RSA keypair. When you add a new device to a given chat (either you're adding a new person, or you're adding a new device for a person already in the chat), then one of the other clients already in the chat needs to take the AES key for that chat, and send it to the new participant using their RSA key.

Mike Ounsworth
  • Thanks for your response. It looks like WhatsApp is changing the private key pairs for each device, but their cloud backup isn't encrypted, so why do they claim that they themselves can't read through the messages? – Chidhambararajan NRM Apr 07 '20 at 06:55
  • `but their cloud backup isn't encrypted` The cloud backup is stored on Google Drive / iCloud. WhatsApp has no access to them. Backup is optional. – usr-local-ΕΨΗΕΛΩΝ Feb 15 '21 at 12:57