14 DAY TRIAL // There seems to be a bit of an uproar online as people are urging each other to dump the messaging apps they've been using because the CIA can render useless the encryption safeties they set in place. The problem, however, is with the operating systems of the phones, not the apps themselves.
Following the Vault 7 revelations from WikiLeaks, many people worry that their privacy is at risk due to the newly exposed capacities of the CIA. Of course, so far, there's been no indication that the CIA is doing anything illegal with its powers, aside from the fact that it really should be sharing the zero-day vulnerabilities it finds with the companies they affect, so they can fix them and protect millions of users.
Then, there's the fact that, according to the files, the CIA has developed malware that can bypass the encryption layers used by apps such as WhatsApp, Signal, Telegram, and so on. This isn't the fault of the apps, however, since the CIA based its malware on vulnerabilities it discovered in iOS and Android, zero-day bugs it chose to keep secret rather than share with Apple and Google, respectively.
There's nothing the app can do if the OS is compromised
Basically, when the operating system is attacked in such a way, there's very little an app can do to protect the user further. The app itself is made to fit with the operating system; it depends on it to work properly. Once you receive a message, the app will do what it was built to do - decrypt the message. If the operating system has been compromised by malware such as the one built by the CIA, the data is no longer protected.
Even regular hackers can compromise your device without that much trouble as bypassing app encryption settings. If, for instance, you tap a link you shouldn't, download a malicious file which then triggers a malware to be downloaded to your device, you can be just as vulnerable. One method many hackers use to get their hands on your data is to take a screenshot every half second, or every second. That alone would expose whatever you are typing, protected by end-to-end encryption or not.
The CIA's job
Once more, we should point out that there is no indication that CIA is using these tools on the masses. They could very well simply use them on their criminal targets. Of course, given our history with the NSA leaks a few years back, the CIA may very well have overreached too, although mass-spying is less likely with the CIA than with the NSA.
"The CIA, like any other governmental intelligence agency, uses and will continue using various hacking tools and techniques to obtain any information they need to protect the country. This is their duty. So far, we don't have any evidence that these capacities were used unlawfully, for example, to violate reasonable expectation of privacy of innocent US citizens or for illicit interference with elections," High-Tech Bridge CEO Ilia Kolochenko told Softpedia.
At this point, the worst we can accuse the CIA of is collecting zero-day vulnerabilities and exploiting them instead of sharing the data with the companies that could protect millions of users by patching up their systems.