Somewhat disheartening that the author believes by default that the encryption wasn't tampered with on the proprietary server side of this proprietary client.
There's nothing "by default" about it, E2E encryption by definition can't be tampered with by anything on the server side, and the encryption mechanisms of WhatsApp are well understood
Which definition? WhatsApp, like a lot of things that claim E2EE, encrypts and decrypts at the clients. The problem is that we have no idea what the client programs are doing. They have not yet performed the required step of showing us the source code in a form that can be compiled to be the same as the distributed binary.
We know exactly what the client programs are doing, the bits are right on your device and you can audit them if you want (and it has been done already for WhatsApp by many researchers). Have you audited any of the open source software that you use?
No, OpenWhisper is well-understood, which is the algorithm WhatsApp and Signal _claim_ to have implemented. There is no proof the server-side doesn't have a means to acquire the data. And when the context is proprietary software, chances are _always_ against the weak link in the chain, the end-user.
