diff --git a/CHANGELOG.md b/CHANGELOG.md
index f20ddecd1..3efd58327 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,7 +35,7 @@
 - sql: enable `auto_vacuum=INCREMENTAL` #2931
 - Synchronize Seen status across devices #2942
 - Add API to set the database password #2956
-- Add webXdc #2826
+- Add Webxdc #2826 #2998
 
 ### Changed
 - selfstatus now defaults to empty
diff --git a/src/webxdc.rs b/src/webxdc.rs
index ae704e93e..b7025aacf 100644
--- a/src/webxdc.rs
+++ b/src/webxdc.rs
@@ -251,6 +251,7 @@ impl Context {
                     .ok_or_else(|| format_err!("Status object expected."))?,
                 );
                 status_update.set_quote(self, Some(&instance)).await?;
+                status_update.param.remove(Param::GuaranteeE2ee); // may be set by set_quote(), if #2985 is done, this line can be removed
                 let status_update_msg_id =
                     chat::send_msg(self, instance.chat_id, &mut status_update).await?;
                 Ok(Some(status_update_msg_id))
@@ -450,8 +451,10 @@ impl Message {
 mod tests {
     use super::*;
     use crate::chat::{
-        create_group_chat, forward_msgs, send_msg, send_text_msg, ChatId, ProtectionStatus,
+        add_contact_to_chat, create_group_chat, forward_msgs, send_msg, send_text_msg, ChatId,
+        ProtectionStatus,
     };
+    use crate::contact::Contact;
     use crate::dc_receive_imf::dc_receive_imf;
     use crate::test_utils::TestContext;
     use async_std::fs::File;
@@ -1349,4 +1352,57 @@ sth_for_the = "future""#
 
         Ok(())
     }
+
+    #[async_std::test]
+    async fn test_webxdc_opportunistic_encryption() -> Result<()> {
+        let alice = TestContext::new_alice().await;
+        let bob = TestContext::new_bob().await;
+
+        // Bob sends sth. to Alice, Alice has Bob's key
+        let bob_chat_id = create_group_chat(&bob, ProtectionStatus::Unprotected, "chat").await?;
+        add_contact_to_chat(
+            &bob,
+            bob_chat_id,
+            Contact::create(&bob, "", "alice@example.org").await?,
+        )
+        .await?;
+        send_text_msg(&bob, bob_chat_id, "populate".to_string()).await?;
+        alice.recv_msg(&bob.pop_sent_msg().await).await;
+
+        // Alice sends instance+update to Bob
+        let alice_chat_id = alice.get_last_msg().await.chat_id;
+        alice_chat_id.accept(&alice).await?;
+        let alice_instance = send_webxdc_instance(&alice, alice_chat_id).await?;
+        let sent1 = &alice.pop_sent_msg().await;
+        let update_msg_id = alice
+            .send_webxdc_status_update(alice_instance.id, r#"{"payload":42}"#, "descr")
+            .await?
+            .unwrap();
+        let update_msg = Message::load_from_db(&alice, update_msg_id).await?;
+        let sent2 = &alice.pop_sent_msg().await;
+        assert!(alice_instance.get_showpadlock());
+        assert!(update_msg.get_showpadlock());
+
+        // Bob receives instance+update
+        bob.recv_msg(sent1).await;
+        let bob_instance = bob.get_last_msg().await;
+        bob.recv_msg(sent2).await;
+        assert!(bob_instance.get_showpadlock());
+
+        // Bob adds Claire with unknown key, update to Alice+Claire cannot be encrypted
+        add_contact_to_chat(
+            &bob,
+            bob_chat_id,
+            Contact::create(&bob, "", "claire@example.org").await?,
+        )
+        .await?;
+        let update_msg_id = bob
+            .send_webxdc_status_update(bob_instance.id, r#"{"payload":43}"#, "descr")
+            .await?
+            .unwrap();
+        let update_msg = Message::load_from_db(&bob, update_msg_id).await?;
+        assert!(!update_msg.get_showpadlock());
+
+        Ok(())
+    }
 }