Oddbean new post about | logout
Vitor Pamplona | 12 hours ago (raw) | root | parent | reply | flag +1 
 They don't need to decrypt it. They control both sides, they can just track you using the app and get the information they need before encrypting. 

Similar to how WhatsApp/Telegram can get information from you even though they are "end to end" encrypted. They can just monitor what you type (which they do).

If the app is not opensource so that you can check it and if you can't change the server that is storing this info, they can track anything they want and you will never know.
Ty-Fi | 11 hours ago (raw) | root | parent | reply | flag +1 
 What app? I’m not sure this makes any sense. If my device is encrypted at rest, and my data is encrypted in iCloud, it’s no different than collecting metadata from any source. I’ve yet to see anyone demonstrate this with iOS. If they could it would be international news like when pegasus spyware came around.

Plenty of audits for the lockdown mode and iCloud advanced protections that show it can stand up to state actors. 

Don’t get me wrong, I love the work put into Graphene as much as anybody. Graphene is best yes, we all know. But out of stock Android, or stock iOS, Apple’s built far superior protections.
Vitor Pamplona | 11 hours ago (raw) | root | parent | reply | flag 
 There is no stock iOS. There is only the Apple-provided iOS which you can't see the code and thus you can't actually check for anything. 

On WhatApp: "Depending on the request WhatsApp’s response may include, if available, basic subscriber information (such as their name, service start date, last seen date, IP address, device type, and email address), and account information (such as a user’s "about" information, profile photos, group information and contacts list). In the ordinary course of providing its service, WhatsApp does not store message logs once the messages are delivered or transaction logs of such delivered messages. In order to comply with a valid legal request, such as a valid Pen Register Trap and Trace Order in the United States, WhatsApp may start collecting message logs and call logs for a particular user indicating who the communication was to or from, the time it was transmitted and from which IP address, and the type of communication (such as a text or call)."

 https://faq.whatsapp.com/808280033839222
Ty-Fi | 11 hours ago (raw) | root | parent | reply | flag 
 Yeah “stock” iOS is the version from Apple. I was trying to convey the additional optional security features that put it above all versions of Android, except Graphene. 

WhatsApp is a third party app, created in china, purchased by Facebook. The real answer is don’t use it. But the danger of using WhatsApp is the same between Android and iOS. Again I’m trying to point out Graphene stands on its own here.

Cybersec researchers work pretty hard to breach iOS and their work is in the open, even if the public can’t look at the iOS source code.