How do I verify that WhatsApp is using end-to-end encryption?
There isn't any quick check you can perform in order to be sure that end-to-end encryption is used. Even if you manage to get this confirmation, then you have to make sure that the used encryption keys never left your device (and the device of your friend). If end-to-end encryption is used, but WhatsApp or someone else has access to the encryption keys, the chat is no longer confidential.
There is some available information which can allow a security researcher to start investigating the matter:
- The encryption software is known and the code is open source (even if we do not know what changes were made to the WhatsApp implementation)
WhatsApp will integrate the open-source software Textsecure, created by privacy-focused non-profit Open Whisper Systems, which scrambles messages with a cryptographic key that only the user can access and never leaves his or her device
- TextSecure GitHub
P.S.: There is at least one way to tell if they are not using end-to-end encryption and parsing the contents of your messages. Some time ago, a security researcher discovered that URLs sent in Skype messages are accessed from Microsoft IP addresses (link). You can try the same thing by setting up a web server and sending some unique URLs on WhatsApp.
I actually did some work on reverse-engineering the WhatsApp protocol a while ago. At that time, it was SSL-encrypted over Wi-Fi and cleartext over 3G. It's possible to root your Android device and install a local packet sniffer to dump the traffic; it's also usually possible to install your own CA root certificate to MITM SSL traffic.
The interesting question will be if it's encrypted within the SSL wrapper, because SSL is device-to-server, not end-to-end.
Sending a message M, should produce a packet P, of data sent, possibly fragmented. If the receiving device does not get P, but instead gets something different, then it's not properly end-to-end encrypted or there is a "tunneling" system going on.
No. Not unless you have the resources to insert sniffers into every intermediate location including the private ones in the WhatsApp infrastructure.