I have recently changed phones and discovered some weird behavior with whats app that to my understanding means their encryption is not working as advertised. From my undersanding, the e2e encryption of signal/whatsapp works like the following: Each device creates an individual key that is used to authenticate the user, if activated in the settings any contact of that user will get a notification if that key/device changes. Another set of session keys is created for each contact and exchanged with each other. Those keys can be used to send encrypted messages with each other even if the other contact is not online, as the encrypted messages are stored on the whatsapp servers. Now this means, that if someone writes me a message and I have already lost my phone (and my keys) before I receive that message, I cannot read it. However after I lost my phone and reconnected to whats app I received messages from a friend (who was offline at that time) that he sent me some days ago. This means that even though that message was supposed to be end to end encrypted, it was not as it would have been impossible to receive it without the lost keys if it was. It must have been stored on the whatsapp servers unencrypted. Did I miss something?
After turning on your new phone it is asking the sender to "re-encrypt" the message (because you have new keys now) and it is delivered to your new phone. It is now encrypted with the new identity pair and you are able to read it. This can only be done for messages which haven't been delivered yet.
