The True Face of WhatsApp That Nobody is Telling You With 22 Links to Details on Security Vulnerabilities That Can Ruin Your Day (or Life)

in Deep Dives, 4 years ago

In my eyes, WhatsApp is somewhat of a Bitcoin of the secure messaging space. They started in January 2009, 11 years ago, offered a great deal of features for the time, and earned a good deal of popularity. I would say WhatsApp even helped to advance modern communication, just like how Bitcoin pioneered a great many things. But these days its value lies mostly in the network effect. WhatsApp has over 2 billion users, and that is its main merit. There has barely been any revolutionary development for years, and I bet your metadata is going to be milked to death for ads very soon. Let's not forget that end-to-end encryption means nobody is going to be able to spy on your messages when in transit. I'm no security expert, but what proof do you have to say that Facebook isn't being fed the content after it gets decrypted on the device?

Even Jeff Bezos Got His iPhone Hacked Through WhatsApp

WhatsApp Has A History of Getting Crashed By Text Messages

The above article was published on September 8th. The funny thing is, if you search for similar terms, you will find similar articles and videos describing how a simple text message can cause the app to crash and require re-installing. Imagine being in a group and having one of these messages shared. This is a tutorial from 2015:

Another Tutorial From Less Than 5 Months Ago

Imagine being acquired for $19 Billion USD and having an app that could be crashed by some idiot watching a YouTube tutorial. The other part to keep in mind is that we have to completely rely on the word of Facebook when it comes to the privacy and security implementations.

A Brief Collection of WhatsApp Hacks/Security Vulnerabilities From 2011 - Early 2020

https://www.theverge.com/2017/3/15/14933048/whatsapp-telegram-hack-malware-image-checkpoint

https://thehackernews.com/2014/12/crash-your-friends-whatsapp-remotely_1.html

https://www.checkpoint.com/press/2019/check-point-research-leads-to-whatsapp-group-chat-crash-issue-fix

https://www.hackatrick.com/2015/02/multiple-vulneribilities-found-in.html

https://eprint.iacr.org/2017/713.pdf

https://www.thelivemirror.com/zonel-sougaijam-rewarded-5000-for-discovering-whatsapp-bug

https://web.archive.org/web/20131105132110/http://www.wiretrip.org/2012/01/12/how-whatsappstatus-net-works

https://nakedsecurity.sophos.com/2013/07/11/whatsapp-users-ignore-messages-from-priyanka-its-a-worm

https://www.forbes.com/sites/zakdoffman/2019/09/18/nasty-whatsapp-privacy-surprise-delete-for-everyone-doesnt-delete-for-everyone/#44095ba05822

https://nvd.nist.gov/vuln/detail/CVE-2019-11927

https://metro.co.uk/2019/11/18/whatsapp-major-security-flaw-need-take-urgent-action-protect-11176045

https://www.firstpost.com/tech/news-analysis/whatsapp-security-flaw-allows-anyone-to-track-you-regardless-of-your-privacy-settings-3662593.html

https://www.bbc.com/news/technology-34192117

https://web.archive.org/web/20110523235136/http://www.yourdailymac.net/2011/05/whatsapp-leaks-usernames-telephone-numbers-and-messages

https://thednetworks.com/2012/09/09/whatsapp-imei-password-md5-inverted-hack

https://web.archive.org/web/20150108072201/http://fileperms.org/whatsapp-is-broken-really-broken.html

https://www.perimeterx.com/tech-blog/2020/whatsapp-fs-read-vuln-disclosure

https://research.checkpoint.com/2019/black-hat-2019-whatsapp-protocol-decryption-for-chat-manipulation-and-more

https://www.ft.com/content/3c86ccde-3fac-11ea-bdb5-169ba7be433d

https://www.forbes.com/sites/zakdoffman/2019/10/03/new-whatsapp-warning-security-flaw-confirmed1-billion-users-told-update-apps-now/#463a16d92582

https://www.nytimes.com/2019/05/13/technology/nso-group-whatsapp-spying.html

https://www.helpnetsecurity.com/2019/05/14/whatsapp-flaw-spyware-cve-2019-3568

TL;DR

Some of the most critical vulnerabilities were not patched for over a year.

This begs the question of whether these were intentionally kept from being fixed. Intentionally creating vulnerabilities could result in massive complications, and I doubt anyone at Facebook is willing to take that risk. But looking the other way, incompetence, and intentionally picking lesser security can go a long way toward ruining your personal life.

Please Share This Information Around As Much As Possible

Good thing I never got one of those!!!