No password access, login through SMS which can be intercepted, no 2FA, no access from another device while your phone is dead, compresses video to 2 pixels, no real crypto auth to speak of.
It does not seem to have any features that are better than Signal, Telegram, Messenger, or a dozen other apps. Why is it worth any awards or special consideration, besides being popular?
You're not wrong about any of this, but that final phrase weighs far more for most people than anything else. It is a communications app after all, and is only useful if there are people to communicate with.
Just to be even more explicit: this isn’t “popularity” in the sense of a fashion trend. A communication app’s usefulness depends on the number of people with whom you can communicate.
The argument is that purchasing WhatsApp was anticompetitive and allowed Facebook to cement their dominant market position. WhatsApp the app might be fine, but the competitive landscape is much weaker than it would have been if the FTC had blocked the acquisition.
I posted this elsewhere but I think Ben Thompson gives a very deep analysis of the issues in the competitive landscape here:
The summary would be something like "any acquisition of a social network by another social network is necessarily anticompetitive and should be banned, or at least have the presumption of being illegal".
The only way that there can be a true competitor to Facebook is for a smaller social network like Instagram, or WhatsApp, or TikTok, to not get acquired and to grow until their userbase is bigger.
Zuckerberg understands this well; you can read his emails where he openly admits that buying Instagram is about preempting a competitor:
"There are network effects around social products and a finite number of different social mechanics to invent. Once someone wins at a specific mechanic, it’s difficult for others to supplant them without doing something different.”
“One way of looking at this is that what we’re really buying is time. Even if some new competitors springs up, buying Instagram, Path, Foursquare, etc now will give us a year or more to integrate their dynamics before anyone can get close to their scale again. Within that time, if we incorporate the social mechanics they were using, those new products won’t get much traction since we’ll already have their mechanics deployed at scale.”
I think you can apply the same argument to WhatsApp; by purchasing a rival social network, they prevent it from being a competitive threat.
WhatsApp is one of the most uncomfortable and confusing messaging apps, UX-wise, I've ever used. It's as if they wanted to replace SMS, but were passionate enough about it that they copied all the shortcomings and annoyances, too.
End-to-end encryption in a proprietary app is a joke. "Please trust us we encrypt your messages".
Known backdoors? Can you back that up with a source?
Custom implementation is likely because they want to strike a balance between security and usability.
In short, their implementation allows the encryption keys of users to be changed without their consent to arbitrary, known keys. The protocol won't re-encrypt sent messages, but there is nothing in the protocol forcing the app to show a notification that your encryption key has changed, which amounts to a man-in-the-middle attack. Any subsequent messages sent or received using that encryption key will be exposed to the attacker.
Encryption keys are managed on servers controlled by WhatsApp.
The headline is false (“WhatsApp Backdoor allows Hackers to Intercept and Read Your Encrypted Messages”), in the sense that hackers can’t actually read and intercept WhatsApp messages. Normally the reporting of a security vulnerability includes a POC of an exploit. There isn’t one here, because hackers haven’t been able to exploit it. If an activist saw this story, got scared of WhatsApp, and decided to use SMS or Telegram instead (especially if they didn’t use the opt-in secret chats feature, which most people don’t), their security got weaker.
That doesn’t really refute the claim that this can be used as a backdoor, however. Since the backdoor is only usable by WhatsApp (or whoever controls them and their servers), a random researcher can’t really release a POC.
Disclaimer: I personally know nothing about this beyond the posts in this thread.
I honestly think that this story (from the title) is just clickbait. Of course you need a central server to share the keys and you need to trust that central server. How do you make sure WhatsApp hasn't changed the keys in the middle - there is a scan QR functionality. I honestly don't know how these articles still remain active on websites even after being proven wrong and obviously clickbaity.
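
The key-change behaviour debated in the comments above, as an added example that is not part of any comment in the thread and is not WhatsApp's or Signal's code: a trust-on-first-use key store showing a non-blocking versus a blocking policy when the server advertises a new identity key, with a fingerprint comparison standing in for the QR scan. The class and function names, the fingerprint format and the 32-byte keys are constructed for illustration.

```python
import hashlib

def fingerprint(key_a: bytes, key_b: bytes) -> str:
    """Order-independent digest of both identity keys, compared out of band.
    Constructed format for this example, not any app's real security code."""
    digest = hashlib.sha256(b"".join(sorted([key_a, key_b]))).hexdigest()
    return " ".join(digest[i:i + 5] for i in range(0, 30, 5))

class KeyStore:
    """Client-side pins of contacts' identity keys (trust on first use)."""

    def __init__(self, own_key: bytes, block_on_change: bool):
        self.own_key = own_key
        self.block_on_change = block_on_change
        self.pins = {}      # contact name -> (identity key, verified flag)
        self.notices = []   # warnings the UI is expected to surface

    def observe(self, name: str, server_key: bytes) -> str:
        """Handle the key the server currently advertises for a contact."""
        pinned = self.pins.get(name)
        if pinned is None:
            self.pins[name] = (server_key, False)
            return "pinned"
        if pinned[0] == server_key:
            return "unchanged"
        # A new key may be a reinstall or a key substituted by the server;
        # the client cannot tell which without an out-of-band check.
        self.notices.append(f"identity key for {name} changed")
        if self.block_on_change:
            return "blocked"            # old pin kept, sending is held
        self.pins[name] = (server_key, False)
        return "accepted"               # later messages use the new key

    def verify(self, name: str, server_key: bytes, peer_fingerprint: str) -> bool:
        """Accept server_key only if the peer's own fingerprint matches ours."""
        ok = fingerprint(self.own_key, server_key) == peer_fingerprint
        if ok:
            self.pins[name] = (server_key, True)
        return ok

def demo() -> dict:
    alice, bob, substituted = b"A" * 32, b"B" * 32, b"M" * 32  # constructed keys
    out = {}
    for blocking in (False, True):
        store = KeyStore(alice, block_on_change=blocking)
        store.observe("bob", bob)
        out[blocking] = store.observe("bob", substituted)
    return out

if __name__ == "__main__":
    print(demo())
```

Under either policy the store only detects that the key changed; whether the warning in `notices` is shown, and whether sending waits for `verify`, is a client decision, which is the point the thread argues over.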