WhatsApp does use the Signal protocol, but unlike Signal only applies it to Messages, Calls and Status.
Your profile info, who you’re talking to, when you’re using the service, groups you’re in, channels you’re following and much more is left unprotected intentionally.
For instance, Signal sends your profile end-to-end-encrypted instead of leaving it freely accessible on servers.
taanegl@lemmy.world 6 months ago
Public-private key signing, using up to date cryptography. That’s it. It’s also “quantum safe”, because all cryptography used by the public goes through peer review processes.
Microsoft as well as Meta have contracted Whisper Systems, but there’s no way of guaranteeing that the signing process is functionally working or if it’s been broken. If it’s run server side, you have no clue. If it’s run client side, there’s still a question if the process hasn’t been tampered with in some way.
Remember: there is no such thing as cryptography with a backdoor. At that point, it’s just a secrets system.