I find the article interesting from a cryptographic perspective--specifically, have they implemented searchable encryption or some such "encrypted environment" where they are able to capture more than meta-data?
These quotes specifically:
The challenge was WhatsApp’s watertight end-to-end encryption, which stopped both WhatsApp and Facebook from reading messages. While Facebook didn’t plan to break the encryption, Acton says, its managers did question and “probe” ways to offer businesses analytical insights on WhatsApp users in an encrypted environment.
...
When Sandberg, Facebook’s COO, was asked by U.S. lawmakers in early September if WhatsApp still used end-to-end encryption, she avoided a straight yes or no, saying, “We are strong believers in encryption.” A WhatsApp spokesperson confirmed that WhatsApp would begin placing ads in its Status feature next year, but added that even as more businesses start chatting to people on the platform, “messages will remain end-to-end encrypted. There are no plan
They are not that interesting. You have no way to verify if their statements about encryption are true, so you'd be nuts to bet much on assuming they are. WhatsApp being sold to an advertising company is just one fine example of why it's nuts.
In fact, given the recent bill introduced into the Australian parliament, it's irrelevant if they are true. The bill allows the government to demand they produce a version of WhatsApp with a bug that sends a copy of all data it receives somewhere, and also allows them to demand they download that app via the automatic security patch mechanism. So unless there is a way to verify what software you have isn't bugged, you have to assume even if it isn't now, it could well be in the future.
There are ways out of this mess, but none of them are based on taking someone's word for it. Yet the "it's secure because that's what it says on the box" seems to be the most common security model people adopt. It's so clearly wrong I sometimes think I'd be less perplexed if most of the world's population started insisting water wasn't wet.
Actually a fellow on HN the other day demonstrated that you could decompile their APK and inspect the code, so you can make a pretty solid attempt to verify product statements if you have the skill and the time.
Also, I think we're cross talking about their statements--I can't divine anything specific from what they say, but their answers (esp. Sandberg's non-answer) seem supportive of other things I've seen claiming the encryption they're using is leaking business analytical information to FB on purpose (effectively undermining the lay understanding of end-to-end encryption).