Discussion in 'mobile device security' started by ronjor, Jan 13, 2017.
By James Rogerson Mobile phones
Don't use, and will never use it. So, no problem, for me.
Anyone looking for an alternative I can recommend signal private messanger.
WhatsApp Denies It Has Backdoor For Decrypting Messages
There is no WhatsApp 'backdoor'
Reported “backdoor” in WhatsApp is in fact a feature, defenders say
Plausible user-convenience trade-off or plausible deniability? Is it even possible to distinguish one from the other?
If/when there is a legitimate security vs convenience decision to be made, should a developer silently default to "convenience" and require users to locate and opt-in to "security"?
Account/Security - Enable show security notifications.
This option is disabled by default.
WhatsApp again dogged by privacy questions, but there's a fix
http://arstechnica.com/security/201...e-umbrage-at-report-its-crypto-is-backdoored/ (posted above)
The HN discussion about WhatsApp contains constructive criticism that might serve as a reference.
Go for https://www.wickr.com
WA is safe; but we only use Signal https://whispersystems.org/
I think you'd need a scoring system in order to rate the safety/security of WhatsApp and similar tools. With bullet points for each of the specific technical requirements that one would want such an application to meet. Which would include whether any messages can be MITM'd, whether users can be alerted to recipient key changes, whether users can be alerted before the new key is used (so they have a chance to verify or abort), whether there is a third-party server in the middle that can collect contact info and/or metadata about messages sent/received, whether the app can be used in a way that protects messages from platform leaks (cloud backups, sync, etc), and so forth.