The headline and the rt.com article are a bit misleading, German speakers should rather read the original source:
<a href="https://netzpolitik.org/2017/geheimes-dokument-das-bka-will-schon-dieses-jahr-messenger-apps-wie-whatsapp-hacken/#Bericht" rel="nofollow">https://netzpolitik.org/2017/geheimes-dokument-das-bka-will-...</a><p>"Police will be hacking WhatsApp" sounds much flashier than "they're developing for malware". There is no cracking of encrypted messages going on. This is about creating and distributing targeted malware to install on (unsuspecting) suspects' devices in order to capture decrypted messages on the end device.
This is not about breaking encryption.<p>This is about creating and distributing malware to install on suspects' devices in order bypass most encryption implementations<p>What should be most disturbing is the expected use case.<p>It's expected to be used in run of the mill cases. When you start doing something like this at scale automating it at scale comes soon after.<p>I don't think anyone wants to live in a world where the police have a gui button labeled "install on all suspects" and some software to infer messages of interest based on a case number.<p>Think about all the stuff they did to identify the guys who bombed the Boston marathon. All of that can (and it looks like it will) soon be automated.<p>Now imagine that it's applied to common crime. Imagine being picked up off the street and interrogated because you unknowingly frequented a convenience store that had a drug trafficking operation going on behind the scenes and an automated system identified you (and 50 other people).<p>Would you like to live in a world where you can't talk about buying fireworks for the 4th because you know if you do you'll get "randomly" pulled over every time you drive back across state lines in the month of June<p>We're rapidly marching toward a world where that sort of stuff is possible at scale.
According to this article, they way they bypass WhatsApp's end-to-end encryption is by gaining access to the host device itself, and then recording everything that's on the screen.<p>So this would mean switching to something like Signal (which is in principle more secure) shouldn't help.<p>I'm quite skeptical that they can do this in a general case - Perhaps exploiting some zero days on some Android/iOS versions? I don't expect Google and Apple to sit around and let this happen for too long though.