WhatsApp design flaw makes it easy to read along any chats of any people.

Discussion in 'Application Software' started by Yen, May 9, 2016.

  1. MrMagic

    MrMagic MDL Guru

    Feb 13, 2012
    6,015
    4,148
    210
    This ^

    The phone lock, and the owner of the phone are the security, remove them, obviously people have access, which is exactly the same for anything
     
  2. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    13,081
    13,978
    340


    Should we now debate about the concept of a user/local account and remote account? :)
    To log in on a local account ('unlock the phone') affects local services such as browsing directories/local contents. Android still has no proper user management. So yeah, Android still has a design flaw since I cannot set user rights.

    To unlock a SIM card (PIN) then grants access to a remote service such as SMS/phone calls...
    To login at an email account grants remote (server) access.




    The design flaw lies in a duplication of a remote account without verification of IT...and a vulnerability of the end-to-end encryption.
    Each remote account requires authentication on the SERVER usually by username and pass.

    If I could have physical access to your phone and unlock it, I would still have problems duplicating your remote services on it, not to mention within seconds!

    I could NOT read your SMS nor your emails, because I cannot keep your SIM nor decrypt your email password after you have got back your phone. BUT I could read all your WhatsApp chats since I could receive the same as you and even send using your identity!!!
    To me it's a 'flaw' as it could be found in a dictionary example.




    Why do you have further passwords then at all?!?

    Every decent 'client' who connects to a server has proper authentication which cannot be duplicated that easily.
     
  3. R29k

    R29k MDL GLaDOS

    Feb 13, 2011
    5,171
    4,811
    180
    I get your point, it amounts to surveillance once the QR is scanned, so you would like to see authentication before you can scan the QR?!
     
  4. MrMagic

    MrMagic MDL Guru

    Why do I have further passwords on accounts that require a password in order to create the account?

    I set up 2 step on everything I can, some don't have it, and almost all also require a password, which is why it's called '2' step

    1 step. Password
    2 step. Phone authentication
     
  5. Yen

    Yen Admin
    Staff Member

    The option to have a second client running elsewhere which uses the same account requires additional/actually the same safety, IMHO more safety since the purpose is to duplicate an identity not to create a new one.

    They need to implement steps which require more effort/repeat the original authentication....so that one could notice abuse. I mean, why should it be without authentication to set up a second client, when at the first one on the phone it has to be?

    IMHO best would be a password created on the phone and stored on their servers when setting up WhatsApp the first time, which is queried after the QR has been scanned.
    It can be added with a WhatsApp update; running it the first time requires a user decision though. If chosen no, then no option ever.

    I would not even 'offer' to add the option when the account has been set up already, 'during use' so to say.


    I simply wanted to mention that nobody relies on the phone lock only (front door lock and no additional locks inside the house) and uses passwords for the clients. Very careful people do not even have them locally stored on their phone (email client) and take the effort to re-enter them at any email check.

    Either way they are encrypted there and cannot be simply transferred via external QR code to scan, that's the point. :)
     
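The re-authentication step proposed in the post above, sketched as an added example; it is not part of the thread and is not WhatsApp's actual protocol. The `LinkServer` class, its method names, the PBKDF2 storage, the failure limit, and the reading of "if chosen no then no option ever" as linking being disabled for good are all assumptions.

```python
import hashlib, hmac, secrets

class LinkServer:
    """Toy server-side model of linking a second client (hypothetical, for illustration)."""
    MAX_FAILURES = 3  # assumed lockout threshold against guessing with a borrowed phone

    def __init__(self):
        self.accounts = {}  # account -> {"salt", "hash", "failures"}, or None if the user declined
        self.pending = {}   # single-use QR token -> account

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def first_setup(self, account, link_password=None):
        """One-time decision at first run; declining (None) disables linking permanently."""
        if account in self.accounts:
            raise ValueError("decision already made, not offered again during use")
        if link_password is None:
            self.accounts[account] = None
            return
        salt = secrets.token_bytes(16)
        self.accounts[account] = {"salt": salt, "failures": 0,
                                  "hash": self._hash(link_password, salt)}

    def scan_qr(self, account):
        """An unlocked phone scanning the QR yields only a pending token, not a session."""
        if self.accounts.get(account) is None:
            raise PermissionError("linking is disabled for this account")
        token = secrets.token_urlsafe(16)
        self.pending[token] = account
        return token

    def confirm(self, token, password):
        """The link password is verified on the server before a session is issued."""
        account = self.pending.pop(token, None)  # token is consumed on first use
        if account is None:
            return None
        rec = self.accounts[account]
        if rec["failures"] >= self.MAX_FAILURES:
            return None  # locked: repeated wrong guesses no longer reach the check
        if not hmac.compare_digest(self._hash(password, rec["salt"]), rec["hash"]):
            rec["failures"] += 1
            return None
        rec["failures"] = 0
        return secrets.token_urlsafe(32)  # session token for the second client
```

With this in place, physical access to an unlocked phone gets as far as `scan_qr` but no further without the password the owner chose at first setup.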