The end in “end-to-end” sort of hides the fact there are several layers that exist before the data is fully encrypted, in a way that makes it invisible to the transport layer. First of all, you have to type it in to your phone, which exposes what you type to people (or cameras, mind you) around you. Even if your screen is covered, and keyboard, you are still leaking data from your keyboard, both visually and acoustically.
But then there’s also the operating system that your app is running on; you simply rely on the fact that your keyboard isn’t logging things as you type them, your camera isn’t recording when it shouldn’t, so on and so-forth. There are a lot of “loose” ends before the end-to-end shrouds your messages in mathematical secrecy. And then, there’s the recipient. In most cases, you have no idea what situation the recipient is in or who he or she might be. For all you care, they might be just broadcasting your texts to the building across from them.
Encryption is just part of the puzzle, it is definitely not panacea.https://ramblingspace.com/posts/whatsapp-too-gets-hacked/
On one side, I do not want people over at Menlo Park to peer through my chats on Facebook’s WhatsApp nor do I want people in Switzerland to go through my ProtonMail email. I am not sure if they cannot right now, but I know without E2E, they can. I’ll take that side of the deal, and you should too. Similarly, basic encryption protects you from a customs officer at the border having a bad day, or an ex-boyfriend that just wants some dirt. The same argument goes for mitigation dragnet surveillance. Not everyone, yet, can afford NSO Group’s software.https://ramblingspace.com/posts/whatsapp-too-gets-hacked/
Yet, how do you explain to tens of Indians or Myanmar residents that you simply cannot control people’s behavior, when you are benefiting from the encryption mostly? Apple put on a brave face when it resisted FBI’s attempts, but will it be able to do the same if there was a bigger threat to national security? Will Microsoft? Would we even know that these companies cooperated with the government? If Google tomorrow drops a key logger on your phone, I am not sure if anyone would be the wiser.https://ramblingspace.com/posts/whatsapp-too-gets-hacked/