What stops E2E encrypted messaging apps from sending your private key to their servers?

As I understand it, apps like iMessage, WhatsApp, and Facebook Messenger are end-to-end encrypted by having the app generate a public and private key on the user's device.

The public key is sent to the servers so two users can communicate and the private keys remain on the device so they (and only they) can decrypt it.

With all this talk about “adding back doors” to messaging apps it feels like the government wants to break encryption the hard way when there’s something much easier and less noticeable they could do.

If the app generates both keys, and the user is never aware that this process even occurs, what is stopping the app from just also sending the private keys of people communicating to the server so an agency could decrypt their conversations?

Is there anything in the math of encryption that prevents this, or are all users just relying on the goodwill of app makers to not do so?

Considering any communication is occurring across HTTPS, how could one verify that this key is not being sent?
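As an added illustration (not part of the original post and not any messaging app's real code), the following Go program shows the two halves of the question: a registration message that only has a field for the public key, and a check a tester could run on their own device against captured outbound plaintext to see whether the private key appears in it. The `Registration` format, the user id and the capture are constructed for the example; real apps use their own protocols.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Registration is the constructed message a client uploads so peers can look up
// its public key. Only the public half has a field; nothing carries the scalar.
type Registration struct {
	UserID    string `json:"user_id"`
	PublicKey string `json:"public_key"` // base64 X25519 public key
}

// BuildRegistration generates the X25519 keypair on the device and returns the
// private key (which stays local) plus the bytes that actually go over the wire.
func BuildRegistration(userID string) (*ecdh.PrivateKey, []byte, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	pub := base64.StdEncoding.EncodeToString(priv.PublicKey().Bytes())
	wire, err := json.Marshal(Registration{UserID: userID, PublicKey: pub})
	return priv, wire, err
}

// LeaksPrivateKey reports whether captured outbound plaintext (for example from a
// TLS-intercepting proxy installed on your own test device) contains the private
// scalar raw, hex-encoded or base64-encoded. A negative result only rules out
// these encodings; a copy that was obfuscated or re-encrypted is not detected.
func LeaksPrivateKey(outbound []byte, priv *ecdh.PrivateKey) bool {
	raw := priv.Bytes()
	needles := [][]byte{raw, []byte(hex.EncodeToString(raw)),
		[]byte(base64.StdEncoding.EncodeToString(raw)),
		[]byte(base64.RawURLEncoding.EncodeToString(raw))}
	for _, n := range needles {
		if bytes.Contains(outbound, n) {
			return true
		}
	}
	return false
}

func main() {
	priv, wire, _ := BuildRegistration("alice")
	fmt.Printf("wire: %s\nleaks private key: %v\n", wire, LeaksPrivateKey(wire, priv))
}
```

The check answers only the narrow question of whether this client build uploads the scalar in plain form; it says nothing about a client that derives the key from a seed the server already knows, which is why auditing the key-generation code itself matters as much as inspecting traffic.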

Full post: Network Security Noblemen tumblr
