“The data I’m seeing so far is all just what website domains apps are communicating with, which is of somewhat limited value for the average consumer who wouldn’t know what domains to be concerned about,” says Thomas Reed, director of Mac and mobile platforms at the security firm Malwarebytes.

or email me at “j@thisdomain”

it is very difficult to spot shenanigans in obfuscated code, you’ve got no chance.

Why the obfuscation of remaining to r and callbacks to c? This is fine for function-local variables but in this instance makes the code significantly harder to reason about? There is no notion of what c and r mean.

Unlike Telegram, WhatsApp is not open source, so there’s no way for security researchers to easily check whether there are backdoors in its code. Not only does WhatsApp not publish its code, they do the exact opposite: WhatsApp deliberately obfuscates their apps’ binaries to make sure no one is able to study them thoroughly. 

Add-ons are not allowed to contain obfuscated code, nor code that hides the purpose of the functionality involved. If external resources are used in combination with add-on code, the functionality of the code must not be obscured.

But people clearly do care about privacy. Just look at the lengths to which ad tech entities go to obfuscate and deceive consumers about how their data is being collected and used. If people don’t mind companies spying on them, why not just tell them plainly it’s happening?