But the key exchange is not the issue then.
Access to private keys is.
If the host system, on which the key exchange runs, is compromised, you’re toast.
Where’s the private key? I can get a new phone, log in with WhatsApp and download all the historical messages without introducing any additional password or key.
I assume they have all the required data too.
Sounds like a compromised phone in the sense that it doesn’t protect (and instead transmits) the private key.
That’s not the phone’s fault, but how WhatsApp works.
How is a phone not compromised if it hosts apps that play into the hands of evil actors?
It is not, unless the app can exfiltrate data from other apps.
I understand my threat model and how to limit exposure.