Is Signal still more secure than WhatsApp?

There are still a couple of security functions, which may matter to you, which Signal does better than WhatsApp.

Client-Side Fanout

When you use a group chat in WhatsApp, you send your message to the server, which in turn distributes it to all the group members. This way WhatsApp learns all the social structures and can in theory perform traffic analysis to deduce quite a bit of information from the message volume exchanged.
In Signal, on the other hand, group chats are actually normal peer-to-peer chats with a special flag, which is set inside the end-to-end encrypted frame. So this way OpenWhisperSystems (the makers of Signal) doesn't learn your social group structures. However, they can still see that three messages are going to three different people at once and can guess that this is due to a group chat.
The blog post for Signal. The server-side fan-out is stated in the white paper (PDF).

Private Group Metadata

Because the previously mentioned approach of everyone just directly sending the group messages to each other is messy with regards to privileges - as achieving consensus in an asynchronous distributed system is hard - Signal has deployed a new system to enforce access control and privileges in groups without learning anything about the group structure - only about the existence of a group and a guesstimate of its size based on the size of the server-stored ciphertext. See this blog post for details, this post for the deployment announcement, and this post for how group links factor into this.
I was unable to find documentation on how WhatsApp handles this data. Though given they know the group membership to distribute messages, they may just store this in the clear.

In-App Encryption

Signal offers to encrypt the past communication at app level, which WhatsApp lacks completely. Obviously this can protect your messages in case of theft; however, you probably won't gain that much security because most people will probably not choose good passwords here for usability reasons.

Use of the OS keystore

Modern mobile operating systems provide a place for you to store your keys so they aren't unencrypted in the filesystem. The OS will usually encrypt them with some hardware-backed mechanism: iOS uses the Secure Enclave, and Android uses things like ARM TrustZone for increased difficulty of key extraction. Additionally, Apple is famously known for doing a really good job at the security of the iOS keychain backups. Signal uses these security features (iOS, Android), whereas WhatsApp (likely) does not.

Optional Read and Typing notifications

WhatsApp notifies you when somebody is typing and it notifies you when somebody read your message - and you can't turn it off for group chats. This however allows WhatsApp to deduce app usage behavior and your habits, like "Do you check your WhatsApp messages at 1am?"; combine that with the other metadata WhatsApp is harvesting and you can make some useful guesses about people's lives. Additionally, the "typing" notifications can be used to deduce potential contents based on context, default keyboard suggestions and other factors.
Signal doesn't enforce this. Here's the original discussion on it on GitHub. As a more recent development, Signal adopted read notifications, but they're default-off (for pre-existing installations) and aren't forced-on in group conversations. For groups I think they work individually with each member, that is, if a member and the sender both have them enabled, the sender will get the notification, which is much more privacy-focused than WhatsApp's solution.

Backup Security

WhatsApp offers you to back up your messages so you can recover them when your phone is inaccessible or destroyed. However, due to the very nature of this, the backup (which must (also) be hosted on Google Drive) cannot be encrypted / secured other than with your username / password for that account (which WhatsApp doesn't know). So as soon as that Google Drive account is breached or some government demands access, all the end-to-end security is gone if either party of the communication had backups enabled. As for iCloud (as opposed to Google Drive) a similar argument applies - especially as the kind of data WhatsApp is saving is not sensitive enough for Apple to use their stronger security mechanisms as they would e.g. for passwords.
Even though the backup feature of Signal isn't as convenient as the one of WhatsApp, it doesn't automatically store (plaintext?) copies of messages on Google servers, but rather allows you to (automatically) create a local (encrypted) file and push this one around manually. It is unclear though whether WhatsApp's backup feature profits from the recent security enhancements in Google's backup infrastructure (on Android at least), so they might actually be secure.

Auto-deleting Messages

Automatically deleting your own old messages is good from a security standpoint. It means that if an attacker manages to break into your phone / backup that (s)he can't access all messages but only the recent ones. Auto-deletion is especially nice if you consider that you won't read all the really old messages anyways and that it will save you some storage. As of now, WhatsApp does not implement this.
Signal on the other hand does.

No metadata storage

Signal was recently hit by a Subpoena. They complied (of course) but could only contribute very little, which confirms that they're holding true to their privacy policy.
At the same time WhatsApp is sitting on a large(r) amount of metadata and would be much more useful if hit (and if it's being disclosed). This is especially obvious if you compare what WhatsApp logs and what Signal logs.

Private Contact Discovery

WhatsApp uploads your entire address book to their servers to compare which of the listed users have WhatsApp accounts. Obviously during that process WhatsApp learns your social graph, that is, who you know, including people who don't use WhatsApp.
Signal, on the other hand, has somewhat recently deployed a much smarter solution, using fancy modern cryptographic techniques paired with Intel's SGX technology so that OpenWhisperSystems actually doesn't learn your address book (only the SGX enclave does and that doesn't leak it), but only needs to keep on record who their users are, and thus they also don't learn anything about which users you may know but don't chat with using Signal and which people you know but don't use Signal (yet). The details of this can be read in their blog post.

Registration Locking

While both Signal and WhatsApp support registration locking, which forces you to enter a pre-determined PIN whenever a new device is added to an account, it is unclear how security is enforced. That is, how many tries one gets for the PIN before hitting the lock-out and whether this lock-out can be overridden by the service operator. Signal is currently beta-testing using SGX to have a verifiable upper limit on the tries you get for this.

Private Link Preview

Signal goes out of its way to hide which URL you're accessing from Signal when generating link previews and hiding your IP from the server.
WhatsApp on the other hand has a less stringent stance on the topic though it is only "worse" than Signal in that regard by leaking the sender's IP to the service.

Sender Hiding

Signal has a feature that allows you to hide your identity from the server when sending a message. That is, the app can send a message to the server that will be delivered without revealing exactly whom it is from. So what the Signal servers see is that somebody with a given IP sent a message to a well-specified user.
From what I know WhatsApp doesn't implement anything similar and instead relies on user authentication for sending to prevent impersonation and similar issues.

Encrypted Profiles

In Signal your profile picture and chosen name are only ever transmitted using end-to-end encryption. Also see the introducing blog post. This means that the server doesn't learn how your picture looks or what string you use to identify yourself to others.
In WhatsApp, however, the picture is less clear. It seems highly likely that if you set this information to public it is indeed stored in the clear on the servers. However, if you set it to contacts-only, it is much less clear whether WhatsApp uses its end-to-end encryption for the transport of the image or whether it's just an access-controlled API functionality on the server. At least this (unofficial) blog post claims that the end-to-end encryption is not used for profiles.

Ephemeral Messages?

They're a feature supported both in WhatsApp and Signal - messages that are deleted on the receiver's end after some condition is satisfied. However, there's no real security impact for their implementation, as the rule "if you can see it, you can photograph it with a different device" applies.

So TL;DR:
The remaining security differences (after the protocol update) are mainly that WhatsApp generates a lot of metadata to be convenient while Signal tries to avoid metadata.
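The client-side fan-out point from the answer above, as an added example (not code from the original answer or from either service): a toy model of what a messaging server records under a server-side fan-out versus a client-side fan-out, and the residual traffic-analysis guess the answer mentions (a burst of envelopes from one sender to several recipients). The `Envelope` type, the `GROUPS` roster and all timestamps are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Envelope:
    sender: str
    recipient: str   # a user id, or a group id under server-side fan-out
    ts: float        # seconds (constructed values, not real traffic)

# Constructed roster; hypothetical, not drawn from either service.
GROUPS = {"g1": ["alice", "bob", "carol", "dave"]}

def server_side_fanout(sender, group_id, ts):
    """Server-side fan-out: the sender submits one message addressed to the group id,
    so the server must hold the roster to deliver it. Returns what the server sees."""
    roster = GROUPS[group_id]
    deliveries = [Envelope(sender, m, ts) for m in roster if m != sender]
    return {"group_id": group_id, "members": sorted(roster), "deliveries": deliveries}

def client_side_fanout(sender, group_id, ts):
    """Client-side fan-out: the client sends one pairwise envelope per member; the
    group marker travels inside the end-to-end ciphertext, so no group id reaches the server."""
    roster = GROUPS[group_id]
    return [Envelope(sender, m, round(ts + 0.01 * i, 2))
            for i, m in enumerate(m for m in roster if m != sender)]

def infer_groups(log, window=0.5, min_size=2):
    """What an honest-but-curious server can still guess from pairwise envelopes:
    a burst from one sender to several distinct recipients within `window` seconds
    looks like a group send. Returns a set of guessed rosters (sender included)."""
    by_sender = defaultdict(list)
    for e in sorted(log, key=lambda e: e.ts):
        by_sender[e.sender].append(e)
    guesses = set()
    for sender, envs in by_sender.items():
        burst = []
        for e in envs + [None]:                     # sentinel flushes the last burst
            if e is not None and (not burst or e.ts - burst[-1].ts <= window):
                burst.append(e)
                continue
            recipients = {b.recipient for b in burst}
            if len(recipients) >= min_size:
                guesses.add(frozenset(recipients | {sender}))
            burst = [e] if e is not None else []
    return guesses

if __name__ == "__main__":
    seen = server_side_fanout("alice", "g1", 100.0)
    print("server-side fan-out reveals:", seen["group_id"], seen["members"])
    log = client_side_fanout("alice", "g1", 100.0) + [Envelope("alice", "eve", 200.0)]
    print("client-side envelopes carry no group id; burst guess:", infer_groups(log))
```

Lowering `window` or adding random send delays on the client shrinks what the burst heuristic recovers, which is the kind of padding and timing mitigation that a metadata-minimising design still has to consider.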


Disclaimer: this is a non-technical contribution (addition to already given answer). Some content may be subjective, possibly speculative.

I believe that when evaluating/comparing information security solutions one needs to go beyond the purely technical current state of the solution and consider what trajectory a given product will likely take in the future given the known or assumed-likely motivation of the controlling organization.

In 2014 Facebook bought WhatsApp

As argued by Marc Goodman in his book "Future Crimes", to Facebook users are its product while the advertisers are its customers, and to be viable Facebook monetizes its products and it does so by maximizing the volume and quality of the product it offers to its customers. Simplifying, volume translates to the time users spend looking at Facebook content (time available to show advertisement), and quality translates to how accurately Facebook can target ads at users based on what it knows about them. In other words Facebook wants to know as much as possible about users (which can't be done when keeping data truly secure), and to use that to:

  1. maximize eye-ball time (get users to spend more time looking at Facebook)
  2. maximize accuracy and effectiveness of targeted advertisement

Since WhatsApp has been offering end-to-end encryption with no access to user data, why would Facebook pay over US$19 billion in 2014 to buy it (see https://en.wikipedia.org/wiki/WhatsApp citations 13, 14) given how Facebook monetizes its products? That is, unless Facebook can find a way to harvest WhatsApp data about users. The recent change to WhatsApp's privacy policy allowing WhatsApp users' contacts' phone numbers to be shared with Facebook is, I believe, indicative of the answer.

Future Speculation

It is speculative to consider what future trajectory Facebook will take with WhatsApp. However, when considering information security solutions I think it is prudent to evaluate organization's track record and what direction their business model points to. Consider:

  • Given the above and "Future Crimes"' argument, maximizing WhatsApp's information security is counter-productive to Facebook's business model
  • Facebook has a history of documented questionable privacy practices, for example: resetting of users' privacy settings upon policy update, or experimenting in controlling user moods by filtering their feeds - google for more examples.

When comparing information security solutions, especially with similar technical capabilities, I suggest choosing a solution that is more likely to keep its primary focus on privacy in future development. Here, Signal seems a better choice.