Que? Intelligence agencies have intercepted WhatsApp calls and located message senders? The latter is too vague to get panicked about (request IP from which message was received and request information about the customer with given IP at given time from ISP) but the former would imply Facebook (I'm not calling it "Meta"; bite me, Zuck) not only has access to but is readily handing out users' private keys, meaning all communication over WhatsApp is confirmed to be compromised.Daily Mail wrote:The British Army has banned WhatsApp over fears Russia is hacking the platform to acquire operationally sensitive information.
[...]
Last night, WhatsApp insisted its ‘end-to-encryption’ system was secure and that governments could not intercept personal messages and calls.
But security sources said UK and US intelligence officers have intercepted WhatsApp calls and located message senders for national security purposes. It is considered highly likely Russia has acquired the same capability.
[...]
The ban covers voice calls and messaging. Troops have been recommended to use an alternative chat and messaging service called Signal, which is understood to provide enhanced security features and is favoured by the UK’s Secret Intelligence Service (MI6).
Conversations on Signal are not backed up or stored, thereby reducing the chance of messages being accessed.
[...]
Last night, the MoD said: ‘Alternative messaging apps can be more appropriate for work-related communication due to different types of security settings.
'We are not asking personnel to delete WhatsApp from their work phones and the advice is not linked to the Russian invasion of Ukraine.’
Let's assume that WhatsApp is being truthful and they don't have access to nor do they hand over message content or keys. That could mean one of two things: either the Signal protocol is compromised, which I don't find too likely given the extensive audits it has had but recommending Signal as a viable alternative in that case is amusing, or WhatsApp's implementation of the protocol is flawed and intelligence agencies are purposely not disclosing the vulnerability (because they're not stupid).
