If the client is closed source, and developed by an untrustworthy company, e2ee doesn't matter.

I disagree.

Even a closed source client soon has opensource 'compatible' clients. To build those, you need to reverse engineer/understand the crypto. In the process of doing that, you will likely uncover any systemic flaw that reveals every conversation to a passive attacker.

That effectively leaves the 'send a secret message to leak the key' type backdoors that the client could have. However, if this functionality existed and was used on every chat, then it is quickly discovered by anyone debugging the unofficial client.

So the only remaining 'loophole' is that there is a backdoor in the official client, but that it is only used very rarely or on request.

That in turn means that facebook can't go do large scale data mining on the private chats. Thats a win.

Y_Y

When had anyone reverse engineered their way to a compatible client for FB Messenger or WhatsApp? To my knowledge there are only hacky bridges that involve running the official client under the hood.

londons_explore

[1] is that for whatsapp. It implements everything from scratch, including the crypto and all the many layers of message encapsulation. I believe there are a few other clients too. It even implements the API's to create a new account, so you don't even need to touch their client code at all.

FB messenger doesn't yet have e2e encryption, so there hasn't yet been any need.

[1]: https://github.com/tgalal/yowsup