Being FOSS is not a prerequisite of E2EE but a prerequisite of knowing it’s E2EE for sure. Like, I can give you a black box that prints PGP key pairs and says “includes RPGP, MIT-licensed PGP library” but you can’t trust that the machine doesn’t use modified, low-entropy RNG or exfiltrate the results. The communication you do with these PGP keys is technically E2EE − a third party server relaying your messages will not be able to read them, unless I provide them with the potentially not-so-secret “random” data my box generated.
Correct, WhatsApp fails to include a libre software license text file. We do not control it. So, it has never been secure.
Being FOSS is not a prerequisite of E2EE but a prerequisite of knowing it’s E2EE for sure. Like, I can give you a black box that prints PGP key pairs and says “includes RPGP, MIT-licensed PGP library” but you can’t trust that the machine doesn’t use modified, low-entropy RNG or exfiltrate the results. The communication you do with these PGP keys is technically E2EE − a third party server relaying your messages will not be able to read them, unless I provide them with the potentially not-so-secret “random” data my box generated.