And you do this every time there is a new WhatsApp version? How confident are you that you can find any backdoor in the binary? And it doesn't have to be in the encryption/decryption part, all it would need to do is hide the encryption key in a message back to the server, so you'd have to inspect the entire binary every time. Even if you do have the time and skill to do this it's not exactly feasible for most people.
I'm not trying to argue that there is a backdoor, just that in both cases you have to rely on trust.
> You should only trust it if you believe that organizations who want your data can’t invent a good story.
It's not just inventing a story though, their backend is also open source so they've also implemented this story. Of course that doesn't mean there isn't a backdoor in the production version, but you see how the trust you need in both cases is the same.
Edit: Actually the backend isn't open source, I was thinking of signal
And you do this every time there is a new WhatsApp version? How confident are you that you can find any backdoor in the binary? And it doesn't have to be in the encryption/decryption part, all it would need to do is hide the encryption key in a message back to the server, so you'd have to inspect the entire binary every time. Even if you do have the time and skill to do this it's not exactly feasible for most people.
I'm not trying to argue that there is a backdoor, just that in both cases you have to rely on trust.
> You should only trust it if you believe that organizations who want your data can’t invent a good story.
It's not just inventing a story though, their backend is also open source so they've also implemented this story. Of course that doesn't mean there isn't a backdoor in the production version, but you see how the trust you need in both cases is the same.
Edit: Actually the backend isn't open source, I was thinking of signal