I’m having an issue with Rich Previews on WhatsApp and since GitHub staff pointed me to WhatsApp Support, I thought, “hey, they make money with my data, I might as well make the most of my ‘subscription’ and politely ask for help.”
Although their legal info doesn’t contain any section that would forbid me to root my phone, they refused to give me support in an automated e-mail (see below in German). They basically are saying, “we understand that you like to have a rooted phone, but we won’t help you with your issue. Go, unroot your phone, and come back.”
I thought I’d share this with you in case anyone with a rooted phone was playing with the unreasonable thought to contact WhatsApp support.
Also interesting that chats are marked with “your conversation is end-to-end encrypted”. So support and app are not in sync.
But true, just use a reasonable app, like Signal or Wire.
To be fair, when you set up WhatsApp in a rooted phone, they show you a message with exactly that warning (“we don’t support custom ROMs”). They should have a notice in their legal info, sure. Poorly done, WhatsApp!
AFAIK, he used Kontalk, at least some time ago, right? I guess social needs forced him to use WhatsApp again… (I’m still trying to escape them! >.< )
Guess you are talking about this fragment (translated):
The WhatsApp security model does not work as intended on rooted devices and your messages are not backed up with end-to-end encryption.
I think it is a support slip-up. I guess they are trying to say that your messages won’t be protected on your end (i.e. your phone) because any app with root access could directly read the plain-text WhatsApp database(s). A rooted Android basically ruins the Android security model, so you must be careful (i.e. use open source software and know what you are doing when giving root access). Their E2EE only works in transit, and it doesn’t matter whether you have a pristine or rooted phone. But anyway, WhatsApp backs up your message history unencrypted to Google and the anti-feature is enabled by default so, even if you don’t have a Gobble account or use microG, your contacts probably will, and it effectively defeats the purpose of end-to-end encryption.
@stefan If I can help with something web-developer-related, you already know you can just ping me.
Edit: Ooooh, I revived a 3-month-old post! Sorry. Discourse plays with my mind in very weird ways… not the first time. Well, I’ll just leave it here because I think unencrypted backups on WhatsApp are relevant.
Thank you for your support! I’ve contacted them via e-mail (see GitHub forum) now.
The problem is that Rich Previews work for other apps (e.g. Telegram), but not for WhatsApp. They were working for some time, but when I switched to https for our custom domain they stopped working again. It’s surely an issue on WhatsApp’s side and I’m not very hopeful that it will be solved.
I’ve been trying some URLs of mine, monitoring the log of my own server, and it appears that the WhatsApp client still makes the connections required for link previews itself.
In my FP2, your github.io link gets the correct image and description, with and without HTTPS, as well as the new domain, also with and without HTTPS. If you are testing on your FP1, I can only guess at two things that could be causing that:
1. Your Android version is no longer security-supported —I know you are aware— which implies the OpenSSL library on your phone is obsolete too. It has some security holes in it and servers may refuse secure connections to it (SSL Handshake Failure), depending on ciphers and stuff. If the HTTP connection is upgraded, and an SSL handshake fails, then probably the WhatsApp client fails silently. I can confirm Telegram does not do the connections on-device (it connects to an intermediary service of theirs, with useragent TelegramBot (like TwitterBot)). I don’t know about other apps.
2. Your WhatsApp cached a wrong or null image and description for that link and it doesn’t reload them for some reason. This is not likely, though. I don’t observe any caching method in my monitoring, but in my experience, caching is the source of a lot of problems and it sometimes doesn’t have an unambiguous behaviour, so…
Yeah, I was suspecting something like (1), but you, of course, go into much more detail. On the other hand, my friend, who has a pretty new Samsung, also doesn’t get the Rich Preview…
At least it works on your FP2, so the website works correctly.
Then it’s clearly not the fault of an obsolete OpenSSL.
Yeah, that’s the good news. I’ve looked at the code and you did quite a great job there. Microdata is a complex matter (each platform has its own non-standard method, pfff), but if you need to do this again I’d recommend using Silo Buster or the jekyll-seo-tag for Jekyll sites (it’s whitelisted in GitHub Pages).
If you take a look at https://www.ssllabs.com/ssltest/analyze.html?d=github.io&s=185.199.109.153&latest, you will see that the server correctly does an SSL handshake with Android 4.4 and later but has a protocol mismatch with Jelly Bean (click the button to expand).
The server does not offer TLS 1.0 anymore - it appears some web sites have recently started to move away from that version, even though it is not yet considered insecure as far as I know.
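The log monitoring described in this thread can be scripted. The following is an added example, not code from any of the posters: it groups link-preview fetches by previewer and flags links that were only ever fetched over plain HTTP, which is what a silently failing TLS handshake would typically look like, since a failed handshake never reaches the access log. The log layout (a scheme tag in front of Combined Log Format), the "WhatsApp/" user-agent prefix and all sample lines are assumptions constructed for illustration; only the TelegramBot string is quoted from the thread.

```python
import re
from collections import defaultdict

# Assumed layout: scheme tag, then Combined Log Format fields.
LINE_RE = re.compile(
    r'(?P<scheme>https?) (?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?:GET|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

# "TelegramBot" is quoted in the thread; the "WhatsApp/" prefix is an assumption.
PREVIEWERS = {"WhatsApp/": "whatsapp", "TelegramBot": "telegram"}

# Constructed sample lines (documentation IP ranges, made-up versions and times).
SAMPLE_LOG = """\
http 198.51.100.23 - - [10/Mar/2018:10:00:01 +0000] "GET /post/ HTTP/1.1" 200 5120 "-" "WhatsApp/2.18.1 A"
https 203.0.113.50 - - [10/Mar/2018:10:00:05 +0000] "GET /post/ HTTP/1.1" 200 5120 "-" "TelegramBot (like TwitterBot)"
http 203.0.113.50 - - [10/Mar/2018:10:00:09 +0000] "GET /post/ HTTP/1.1" 200 5120 "-" "TelegramBot (like TwitterBot)"
https 192.0.2.77 - - [10/Mar/2018:10:01:00 +0000] "GET /post/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
https 198.51.100.99 - - [10/Mar/2018:10:02:00 +0000] "GET /about/ HTTP/1.1" 200 2048 "-" "WhatsApp/2.18.1 A"
"""

def classify(user_agent):
    """Return the previewer name for a user agent, or None for other clients."""
    for prefix, name in PREVIEWERS.items():
        if user_agent.startswith(prefix):
            return name
    return None

def preview_fetches(log_text):
    """Map (previewer, path) to the schemes and source IPs that fetched it."""
    seen = defaultdict(lambda: {"schemes": set(), "ips": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        name = classify(m["ua"])
        if name is None:
            continue  # ordinary browser or crawler, not a link previewer
        entry = seen[(name, m["path"])]
        entry["schemes"].add(m["scheme"])
        entry["ips"].add(m["ip"])
    return dict(seen)

def http_only(fetches):
    """Previewer/path pairs never seen over HTTPS: check the TLS error log for these."""
    return sorted(k for k, v in fetches.items() if v["schemes"] == {"http"})

if __name__ == "__main__":
    for previewer, path in http_only(preview_fetches(SAMPLE_LOG)):
        print(f"{previewer} fetched {path} over HTTP only")
```

A varying set of source IPs for one previewer points to on-device fetching, while a small fixed set points to an intermediary service.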