As I understand it, apps like iMessage, Whatsapp, Facebook Messenger are end to end encrypted by having the app generate a public and private key on the users device.
The public key is sent to the servers so two users can communicate and the private keys remain on the device so they (and only they) can decrypt it.
With all this talk about “adding back doors” to messaging apps it feels like the government wants to break encryption the hard way when there’s something much easier and less noticeable they could do.
If the app generates both keys, and the user is never aware that this process even occurs, what is stopping the app from just also sending the private keys of people communicating to the server so an agency could decrypt their conversations?
Is there anything in the math of encryption that prevents this, or are all users just relying on the goodwill of app makers to not do so?
Considering any communication is occurring across HTTPS how could one verify that this key is not being sent?