The Guardian asked to retract its WhatsApp encryption story

This weekend, Bogdan wrote an article about a recent backdoor / vulnerability found in WhatsApp's end-to-end encryption system. The report was originally published by the respectable publication The Guardian, which stated that the way the end-to-end encryption is implemented allows Facebook to see the messages that the users exchange. Now, a group of security experts is openly criticizing the report, asking the newspaper to retract it.

I'm not going to go into the details of the vulnerability; you can find them by following the link above and reading Bogdan's article. According to an open letter written by a group of security experts, however, the report isn't completely accurate. According to them, WhatsApp's way of implementing the Signal end-to-end encryption system was a good choice as it makes the app more reliable. The experts also stated that the only scenario in which the vulnerability could prove to be harmful would be if a single user were targeted by "powerful adversaries" with the skills, resources and time. Basically, in the group's opinion the backdoor can't be used for mass surveillance, so The Guardian's report unnecessarily spread panic.

The letter itself is pretty long and honestly, I'm not a security expert, but from what I've read, nothing actually contradicts The Guardian's report. The only thing that's unclear is whether the vulnerability allows third parties to only see the messages that haven't yet reached their recipient, or all the messages exchanged between the users.
