"Our work is based primarily on the WhatsApp web client, archived on 3rd
May 2023, and version 6 of the WhatsApp security whitepaper [46]."
Did not even look at the continuously changing mobile app, only looked at part of the minified JavaScript in the web client
Not sure what this accomplishes. Are the encryption protocols used sound? Is the implementation correct? Maybe, but the app is closed source and constantly changing
But users who care want to know about what connections the software makes, what is sent over those connections, to whom it is sent and why. There is no implicit trust as to Meta, only questions. The source code is hidden from public scrutiny
For example, the app tries to connect to {c,e8,e10,g}.whatsapp.net over TCP on port 80
The app has also tried to connect over UDP using port 3478/STUN
These connections can be blocked and the user will still be able to send and receive texts and make and receive calls
Meta forces users to install a new mobile app, i.e., untrusted, unaudited code, multiple times per year. This install grows in size by over 100%
For example, there were at least four different apps (subsequent versions) forced on users in 2023, five in 2024 and four in 2025
In 2023 the first was 54.06MB. In 2026, it is now 126MB
Why not