I know Whatsapp is not recommended and I envy people who cut it out of their lives. I am not so lucky and I must use it, it is the standard communication way in every aspect of society in my country.
Anyway I know the difference between privacy security and anonimity but I was also wondering: if both Whatsapp’s client and server are closed-source, how can we be sure they really use the Signal Protocol and not a modified version with backdoors integrated in it? I mean we know that Signal itself stated they helped them integrate it but if we cannot see the source code we have no proof of it, is this correct?
Another thing that is bugging me is that using NetMonitor on my phone (LineageOS 16 with microG) you can see that Whatsapp has always an unencrypted connection to 126.96.36.199 (Google DNS). I am using the dnscrypt-proxy Magisk module with only Adguard DNSs active, and I thought all apps had to use my DNS configuration but I guess it’s not like that. On the same phone I’m using Adaway with some hosts lists and a Magisk module to apply Bromite System Webview, I was wondering if you guys could tell me: is there a way to block certain IPs on my phone? like 188.8.131.52 to force Whatsapp to use my DNS configuration.