As I understand it, if you give in to the android app's repeated prompts to enable backing up to your google account then your messages are stored elsewhere, and without encryption.
Could someone confirm if this is still the case?
Hopefully in 2020 and beyond people will be developing these shared components in Rust instead.
Not saying it's being used here (I honestly have no idea), but it's not that much of a stretch.
It would make for a better comment thread if everyone did that prior to expressing an opinion.
If you have something specific to say to each of the people who "didn't read the spec" then please respond to those people with that, instead of making passive aggressive commentary and making us assume the worst in everyone else in the comments.
Are all messages "private" messages? Or is this intended to distinguish group chats from one-to-one chats?
Yeah, right. Here's your three latest release notes for the iOS app:
2.20.92 Aug 25, 2020
Bug fixes.
2.20.91 Aug 24, 2020
Bug fixes.
2.20.90 Aug 19, 2020
Bug fixes.
1. Major apps often do phased rollouts of features in order to react to potential production issues, or to make certain features available to a limited subset of users or regions without having to do an emergency binary release if things go wrong.
2. The new build contains an A/B experiment, and you don't want to tell users that feature X was revamped because the experiment might not even go anywhere and only a small number of users will see it, anyways.
3. Your app is stable enough to have a regular release cadence e.g. monthly or biweekly, and you actually are just shipping whatever bugfixes made it into master since the last release with the major feature changes hidden behind feature flags until they are ready for 1. or 2.
4. The vast, vast, majority of users never read the update notes on the app store. They have automatic updates enabled, and your app updates at 3AM when their phone is plugged in on wifi and they are fast asleep.
5. Building on 4, if you actually want to advertise new features to users, it is better to build a native experience into the app either building a UI highlighting what has changed in the new version, or just popping up a dialog to show the patch notes (can be coupled with 1. and 2. to only show the dialog to users who have gotten the new feature enabled in the phased rollout or experiment). Discord is an example of an app that does this well.
6. Also building on 4., the changes are so minor that they are not worth paying a translation service to translate your patch notes if you are offering your app in multiple languages.
If users have automatic/background updates, sure, they apparently don't care about release notes. For everyone else, the release notes are really the only way to know what changes are going to happen upon clicking "Update". Having those notes be [effectively] blank is a substantial disservice to the user.
It's depressingly frequent that an app I used to enjoy takes a major dive in user experience. For a contrived example, I don't like finding out I am now suddenly blocked from using my messaging app because they force me to use a new cloud-based account system I can't opt out of, and none of this was mentioned before I clicked Update. Or another favorite: an update that does nothing more than introduce in-app advertisements.
What is it that makes you think this is caused by "walled gardens?" Do you have a link to a policy that requires this, or is it your own biases showing through?
In this case, they should be curating patch notes.
That is, unless both stores allow you to get the version authorized but hold it for release until you want. I know the Roku store did that years ago, so I imagine it's probably a feature that's present in those stores, but I don't know for sure.
The more information you provide, the more likely it is that your app will be held up in review or you will get additional questions from reviewers delaying your release.
I generally still try to err on the side of including information in my release notes, but I have been bitten by this enough times that I completely understand this practice and sympathize with other app developers.
https://www.whatsapp.com/security/advisories/2020/
Edit: Discard this comment, read saagarjha's reply below.
Doesn't this mean that messages exist in plaintext on Facebook's servers for at least the time it takes to deliver them? To me this is equal to saying that everything is clear text anyway, since there is no way to ensure someone lawfully or unintentionally taps the text stream and diverts it somewhere.
Am I misunderstanding?
The server "stores" the message for that period of time when the user uploaded it and before the receiver confirmed the download. Allegedly, it stores it in the encrypted form as its advertised as end to end so they would not have the key to decrypt it.