Two Whatsapp questions and how to block IPs on phone?

I know Whatsapp is not recommended and I envy people who cut it out of their lives. I am not so lucky and I must use it, it is the standard communication way in every aspect of society in my country.

Anyway I know the difference between privacy security and anonimity but I was also wondering: if both Whatsapp’s client and server are closed-source, how can we be sure they really use the Signal Protocol and not a modified version with backdoors integrated in it? I mean we know that Signal itself stated they helped them integrate it but if we cannot see the source code we have no proof of it, is this correct?

Another thing that is bugging me is that using NetMonitor on my phone (LineageOS 16 with microG) you can see that Whatsapp has always an unencrypted connection to 8.8.8.8 (Google DNS). I am using the dnscrypt-proxy Magisk module with only Adguard DNSs active, and I thought all apps had to use my DNS configuration but I guess it’s not like that. On the same phone I’m using Adaway with some hosts lists and a Magisk module to apply Bromite System Webview, I was wondering if you guys could tell me: is there a way to block certain IPs on my phone? like 8.8.8.8 to force Whatsapp to use my DNS configuration.

you are going to be worried all time i can see it phobia on way! and you right no one can check that’s why what’sapp bad also they handle decryption keys so they easily can decrypt messages so in my point of view it’s useless, lol

and i guess you can block the 8.8.8.8 or just add dns in your wifi itself and it will route everything through it (add dns.watch for example idk you pick)

Welcome to the forum,

The only way I know of is using Nebulo (DoH/DoT app) as it has an option to redirect traffic to known DNS servers into your chosen DNS server.

You can use the ip-blacklist functionality provided by dnscrypt-proxy: just put the IPs to block in the ip-blacklist.txt file in dnscrypt-proxy directory, uncomment the line specifying the path to the ip-blacklist.txt file in the dnscrypt-proxy.toml file and it’s done.