That’d be irrelevant, because as long as only the clients hold the keys (which we can verify, as those are not only open source but also are under our control, meaning we can check that the upstream open source version is installed and no private keys are being exchanged) there’s no way anyone can read the messages, except the owner of the private key.
Apparently what happened is that French police installed some of malware on the phones to read the messages, and this was now decided to be legal in the UK.
The basic security stuff exists on Android and iOS as well, namely full disk encryption. When that is defeated through a missing or bad password nothing keeps them from installing their malware with device access.
If they got in through an external security vulnerabilities in some software package the situation is also the same on either OS.
A French and Dutch Joint Investigation Team (JIT) harvested more than 115 million supposedly encrypted messages from an estimated 60,000 users of EncroChat phones after infecting the handsets with a software “implant”.
So this sounds like the ANOM phone story with extra steps?
I get that they can “access” messages, but the headline feels misleading if it requires full access to the device.
It’s not that they’re breaking encryption or reading messages in transit, it’s more like they’re installing malware on specific devices so that they can look at your screen?