"If You Want to Encrypt It Really, Really Hardcore...": User Perceptions of Key Transparency in WhatsApp
Authors: Konstantin Fischer (Ruhr University Bochum), Markus Keil (Ruhr University Bochum), Annalina Buckmann (Ruhr University Bochum), M. Angela Sasse (Ruhr University Bochum)
Volume: 2025
Issue: 4
Pages: 1039–1054
DOI: https://doi.org/10.56553/popets-2025-0170
Abstract: WhatsApp is the first popular chat app to roll out a real-world, large-scale implementation of key transparency. If implemented correctly, key transparency allows users to check whether they are currently victim of a Machine-in-the-Middle attack mounted by WhatsApp server operators. Through 16 in-depth semi-structured interviews with WhatsApp users in Germany, we investigate how people judge and perceive the security and privacy of chat apps, whether end-users perceive benefits from key transparency, and how this affects trust and usage. We find that our interview participants mostly know what end-to-end encryption is, but that they struggle to show an understanding of the nuanced threat models needed to grasp the point of key transparency. Seeing key transparency in action led to a slight increase in perceived security in some, while others dismissed it as an unconvincing UI sham that would not change their presumptions about WhatsApp and its companies' motives. Some participants even felt less secure after performing a key transparency check, which we attribute to certain misconceptions we uncovered during the interviews. We conclude that exposing end-users to key transparency, without an accompanying explanation, is unlikely to directly meaningfully enhance trust or perceived security, and can even lead to users feeling less secure in some cases. We underline that the real strength of KT lies in 1) what we call the "deterrence effect" and 2) the future possibility to better automate key transparency checks. Based on our results we offer recommendations for industry practitioners as well as for promising future work in academia.
Keywords: Key Transparency, Chat Apps, Privacy, Usability and HCI
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.
