For open source messengers, you can check whether they actually encrypt your messages and whether the server has access to your encryption keys but what about WhatsApp? Since it's not open source, you can't be sure that the encryption keys aren't sent to the server, right? Has there been a case where a government was able to access WhatsApp chats without reading them from the phone itself?
No. They cant decrypt your chats. They can however backdoor your device and see the pre or post delivery message. Its not hard for them to do. Technically or legally.
If they arent currently logging activity on your device then turning on self destruct messaging could mitigate their ability to spy on you. Unfortunately all your chat partners have to do it too.
Everything I've ever heard about government cryptography from people close to me is that the government (FBI, military) is wildly far ahead of what's available publicly. I wouldn't count on anything you do on the Internet to be truly private.
Another thing to consider is that the US (and probably most 5 eyes countries) have agencies with a "store now and decrypt later" policy. They theoretically could be capturing certain types of traffic and storing it in the massive NSA fusion centers. If you come under suspicion at some later date and the quantum technology has advanced, you could be hosed. Now what's the legality of storing "precrime material" without a warrant? I wouldn't think it is legal but that doesn't seem to stop the 3 letter agencies these days.
Governments, if they want, can decrypt any chat, not just Whatscrap. But it makes a difference if a chat, especially this Zuckerbot shit, directly opens a Backdoor to governments, to give them access, or if they have to bother hacking the chats themselves, which due to its cost and time, is only done with a court order.
Governments, if they want, can decrypt any chat
This is not true. Encryption that is not breakable by anyone - including governments - and the tools to use it have been available to everyone for decades now.
It might be broken later (which is why the US stores encrypted messages) but not right now, and is unlikely to be in the foreseeable future.
They can, all goverments nowadays have at thei disposal Quantum computer, provided by large companies (Google, IBM, Facebook, M$...) Not being able to decrypt messages was valid, in part, a few years ago, but not longer. Microsoft itself is now moving away from using passwords, using logins with physical keys for this reason and others will follow soon. Chat messages are no longer secure, while they do not also use quantum technology. But don't worry, as long as you don't attract attention for being a pedophile or for belonging to a terrorist group, no one is going to bother decoding your messages. Also the Germans in the II WW thought that nobody can read their with Enigma encrypted messages, fail.
What you wrote is science fiction, not fact. So are practical quantum computers, thus far.
It also ignores the fact that quantum computing would do shit all against symmetric encryption (though admittedly that's less relevant for whatsapp, but it's perfectly relevant if you want to exchange secure messages with someone you met physically prior); as well as the fact quantum-resistant encryption algorithms such as NTRU already exist and are already considered for implementation in free software tools (the only reason they aren't is they're far less tested and nobody trusts them yet against conventional attacks).
Governments, if they want, can decrypt any chat
Any source for that claim?
I mean, it's possible given their resources... It just takes long enough to be unfeasible. Also, in special circumstances they can Pegasus your phone and obtain the info without decrypting... Not like you're not screwed anyways when it comes to such drastic measures.
Group chats are also end-to-end encrypted in WhatsApp (so any monitoring would need to be done in cooperation with one of the participants' devices before encryption or after decryption)
In a subpoena case in India, that turned out to be not true.
Source please.
WhatsApp admins hold keys to being able to do that under law pressure.
How do they get the keys?
They only guarantee it for 1-1 messages and statuses, and against “generic” actors for group chats…
Who is "they"?
yowsup is an Open Source implementation of the WhatsApp protocol. So there is proper end-to-end encryption on the protocol level - that would only leave the possibility of having a backdoor in the "official" WhatsApp client, but none has been found so far. BTW, people do actually (try to) decompile the WhatsApp client (or the WhatsApp Web client which implements the same protocol and functionality) and look what it is doing.
For anyone really curious, it's not too difficult to hook into the WhatsApp Web client with your web browsers Javascript debugger and see what messages are sent.
People got arrested for WhatsApp messages in my country so there is a backdoor built in no question
That's mostly group chats and someone from the group showed the comments to the police.
If you did not enable end-to-end encryption for your WhatsApp backups on Google Drive, the US government could possibly compel Google to hand over your encrypted (but not end-to-end encrypted) backup, and compel Meta to hand over the decryption keys for the backup.
Details about how WhatsApp backup works: The Workings of WhatsApp’s Backups (and Why You Should Enable End-to-End Encrypted Backups).
The code is not open source, so it's hard to verify how good the encryption is or if it has backdoors.
But they most likely don't need to decrypt it in transit. One of the vulnerabilities in this system is Google firebase, which delivers notifications to your phone when WhatsApp messages arrive. Ever noticed how those notifications include the message content and the sender? Google has access to this information, despite the encryption.
That's just an example. Google has access to a lot on your phone.
