Comment by morshu9001
11 hours ago
They also decide what public key is associated with a phone number, right? Unless you verify in person.
11 hours ago
They also decide what public key is associated with a phone number, right? Unless you verify in person.
That's protected cryptographically with key transparency. Anyone can check what the current published keys for a user are, and be sure they get the same value as any other user. Specifically, your wa client checks that these keys are the right key.
Even if your client is asking other clients to verify, what if everyone has the same wrong key for a particular user Whatsapp has chosen to spoof?