2

So today when I connected to my WiFi I got a note "Your WiFi is being controlled", which made me paranoid that maybe my router is hacked or something. I have yet to convince my father about this, or maybe he is the one trying to spy on me.

Are the chats on WhatsApp safe from being spied upon, even if the router is compromised?

Anders
Muhammad Fahad
  • Looks like a duplicate of this question: https://security.stackexchange.com/questions/79070/how-do-i-verify-that-whatsapp-is-using-end-to-end-encryption?rq=1 – schroeder Apr 27 '17 at 10:13
  • For your father to break the encryption of anything, he would have to have some significant technical skills. – schroeder Apr 27 '17 at 10:13
  • 6
    Which application gave that message? This sounds very much like an advertisement which is luring you into installing malicious software. – Teun Vink Apr 27 '17 at 10:21
  • remember that even with E2E, they can still see who, when, and where, just not what... – dandavis Apr 27 '17 at 21:05
  • end-to-end means that the message will be encrypted on the device that sends it and then decrypted on the receiver device. Your receiver device is your smartphone. The router is merely a point on the route to your smartphone. Your router cannot read your messages even when compromised (but metadata perhaps). – BlueWizard Apr 29 '17 at 23:18

3 Answers

2

What you describe as your WiFi being controlled raises the fear of a man-in-the-middle attack. The encryption of WhatsApp messages is more than enough to protect against that. Someone just eavesdropping on what is exchanged over the WiFi network will only see encrypted messages and will not have access to the actual content.

Now if your question is whether using WhatsApp guarantees that nobody else but the recipient will ever see the messages, the answer is quite different. The protocol used by WhatsApp is indeed secure, but it looks like the implementation willingly chose ease of use over security. It has been discussed at Whatsapp security, and a comment gave a link to the Guardian explaining that:

A security vulnerability that can be used to allow Facebook and others to intercept and read encrypted messages has been found within its WhatsApp messaging service
...

However, WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.

The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been re-sent. This re-encryption and rebroadcasting of previously undelivered messages effectively allows WhatsApp to intercept and read some users’ messages.

[Whatsapp justifies that to cope when] a contact’s security code has changed. We know the most common reasons this happens are because someone has switched phones or reinstalled WhatsApp. This is because in many parts of the world, people frequently change devices and Sim cards. In these situations, we want to make sure people’s messages are delivered, not lost in transit.

So WhatsApp's main design is usability and not security. Full stop. For most usages it is fine, but if you really need a high confidentiality level, choose a tool dedicated to security like PGP or S/MIME encrypted mail. Not as sexy but far more secure.

Serge Ballesta
  • I believe the security vulnerability you are quoting turned out to be an incorrect analysis of WhatsApp's behavior. – forest Mar 13 '18 at 03:06
  • So can we assume that The Signal is more open, hence more secure than WhatsApp? – Denis May 02 '18 at 13:02
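
The reaction to a changed security code that the quoted article describes (resend first, warn afterwards), next to a stricter hold-until-verified policy, modelled as an added example; it is not WhatsApp's code and not part of the original answer. The `Sender` class, its method names, the fingerprint format and the blocking policy are assumptions for illustration, and encryption is represented only by tagging each message with the code of the key it would be encrypted to.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

def security_code(identity_key: bytes) -> str:
    """Short fingerprint of a public identity key, compared out of band."""
    digest = hashlib.sha256(identity_key).hexdigest()[:20]
    return " ".join(digest[i:i + 5] for i in range(0, 20, 5))

@dataclass
class Sender:
    block_on_key_change: bool                         # False: resend first, warn afterwards
    pinned: dict = field(default_factory=dict)        # contact -> key trusted so far
    pending: dict = field(default_factory=dict)       # contact -> changed key awaiting check
    undelivered: dict = field(default_factory=dict)   # contact -> texts with no delivery receipt
    warnings: list = field(default_factory=list)

    def queue(self, contact: str, key: bytes, text: str) -> None:
        self.pinned.setdefault(contact, key)          # trust on first use
        self.undelivered.setdefault(contact, []).append(text)

    def _release(self, contact: str, key: bytes) -> list:
        # Encryption itself is not modelled: (code, text) stands for
        # "text encrypted so that only the holder of this key can read it".
        self.pinned[contact] = key
        self.pending.pop(contact, None)
        return [(security_code(key), t) for t in self.undelivered.pop(contact, [])]

    def on_key_announced(self, contact: str, key: bytes) -> list:
        """The server reports the contact's current key; returns what gets (re)sent."""
        if self.pinned.get(contact, key) == key:
            return self._release(contact, key)
        self.warnings.append(f"security code for {contact} changed")
        if self.block_on_key_change:
            self.pending[contact] = key               # hold everything until verified
            return []
        return self._release(contact, key)            # re-encrypt to the new key at once

    def verify(self, contact: str, code_from_contact: str) -> list:
        """Release held messages only if the code read out by the contact matches."""
        key = self.pending.get(contact)
        if key is None or not hmac.compare_digest(
                security_code(key), code_from_contact):
            return []
        return self._release(contact, key)
```

With `block_on_key_change=False` the undelivered messages go to whichever key the server announces and the warning arrives only afterwards; with `True` they stay queued until `verify` is given the code obtained from the contact over another channel.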
0

Yes, end-to-end encryption does exactly that - protect your messages from being read or modified by anyone between the sender and the receiver, be it your router, your ISP or WhatsApp themselves. To get your messages in plaintext an attacker would need to compromise either the sending or the receiving phone.

Of course, there is always the possibility of a flaw in the protocol WhatsApp uses. But there are no such publicly known flaws. So unless your father is a crypto expert I would not be worried...

A compromised router could lead to other activities of yours being spied upon, such as websites you visit, etc. So you might still want to investigate that further.

Anders
-1

End-to-end encryption means that all messages sent through the Internet are encrypted and decrypted at the end points, i.e. in the user application. This means that only you and the recipient can read the message.

Messages are also stored on WhatsApp servers in an encrypted format.

The only possible point of attack is compromising the phone and having a keylogger installed which logs all your keystrokes.

People, if monitoring your router, will see the conversation in an encrypted format.

AndyMac
Danny Babbev