> We didn't review the entire source code And, you don't see the issue with that? Faceb...

vpShane • yesterday at 8:03 PM • 1 reply • view on HN

> We didn't review the entire source code And, you don't see the issue with that? Facebook was bypassing security measures for mobile by sending data to itself on localhost using websockets and webrtc.

https://cybersecuritynews.com/track-android-users-covertly/

An audit of 'they can't read it cryptographically' but the app can read it, and the app sends data in all directions. Push notifications can be used to read messages.

Replies

miduil • yesterday at 8:16 PM

> Push notifications can be used to read messages.

Are you trying to imply that WhatsApp is bypassing e2e messaging through Push notifications?

Unless something has changed, this table highlights that both Signal and WhatsApp are using a "Push-to-Sync" technique to notify about new messages.

https://crysp.petsymposium.org/popets/2024/popets-2024-0151....

➕ show 2 replies

alt Hacker News

Replies