End-to-end encryption[edit]

On November 18, 2014, Open Whisper Systems announced a

partnership with WhatsApp to provide end-to-end encryption by
incorporating the encryption protocol used in Signal into each
WhatsApp client platform.[162] Open Whisper Systems said that they
had already incorporated the protocol into the latest WhatsApp client
for Android, and that support for other clients, group/media messages,
and key verification would be coming soon after.[163] WhatsApp
confirmed the partnership to reporters, but there was no
announcement or documentation about the encryption feature on the
official website, and further requests for comment were declined.
[164]
 In April 2015, German magazine Heise Security used ARP
spoofing to confirm that the protocol had been implemented for
Android-to-Android messages, and that WhatsApp messages from or
to iPhones running iOS were still not end-to-end encrypted.[165] They
expressed the concern that regular WhatsApp users still could not tell
the difference between end-to-end encrypted messages and regular
messages.[165]
On April 5, 2016, WhatsApp and Open Whisper Systems announced
that they had finished adding end-to-end encryption to "every form of
communication" on WhatsApp, and that users could now verify each
other's keys.[39][166] Users were also given the option to enable a trust
on first use mechanism in order to be notified if a correspondent's key
changes.[167] According to a white paper that was released along with
the announcement, WhatsApp messages are encrypted with the Signal
Protocol.[168] WhatsApp calls are encrypted with SRTP, and all client-
server communications are "layered within a separate encrypted
channel".[168] The Signal Protocol library used by WhatsApp is open-
source and published under the GPLv3 license.[168][169]
Cade Metz, writing in Wired, said, "WhatsApp, more than any
company before it, has taken encryption to the masses."[45]