They can log anything they want and have nothing useful, if the encryption protocol is sound.
Have a look at how TLS is designed, if you want to know more.
I know my way around cryptography, therefor I am skeptical. If push comes to shove, they can simply command the Whatsapp App to silently surrender the keys. Nobody would know, it is a closed source app and protocol, and they can hide what they are doing inside the (probably) TLS encrypted stream.
But the key exchange is not the issue then.
Access to private keys is.
If the host system, on which the key exchange runs, is compromised, you’re toast.
Where’s the private key? I can get a new phone, log with WhatsApp and download all the historical messages without intruducing any additional password or key.
They can log anything they want and have nothing useful, if the encryption protocol is sound.
Have a look at how TLS is designed, if you want to know more.
I know my way around cryptography, therefor I am skeptical. If push comes to shove, they can simply command the Whatsapp App to silently surrender the keys. Nobody would know, it is a closed source app and protocol, and they can hide what they are doing inside the (probably) TLS encrypted stream.
You can have the soundest encryption in the world but if they have access to the keys it doesn’t matter, they can see everything.
But the key exchange is not the issue then.
Access to private keys is.
If the host system, on which the key exchange runs, is compromised, you’re toast.
Where’s the private key? I can get a new phone, log with WhatsApp and download all the historical messages without intruducing any additional password or key.
I assume they have all the required data too.
Sounds like a compromised phone in the sense that it doesn’t protect (and instead transmit) the private key.
That’s not the phones fault, but how WhatsApp works
How is a phone not compromised if it hosts apps that play into the hands of evil actors?
it is not, unless the app can exfiltrate data from other apps
I undersrstand my threat model and how to limit exposure.