A critical part of the Signal protocol (used by Google Allo, WhatsApp, Facebook Messenger and Signal, among others) is a public key infrastructure. Public keys are needed to set up sessions. As far as I can see, it doesn't specify a way to authenticate the keys. I.e., when Alice sets up a session with Bob, how can she be sure she receives his public key and nobody else's?

Secondly, assuming the above question has a satisfying answer, can we check what happens on the wire? I.e., can Alice (having access to her private keys) examine the protocol on the wire, extract Bob's public key and authenticate it by hand (fingerprint it, call Bob and ask him to compare)?

This probably differs per implementation, I guess. As a start, I don't see an answer in the WhatsApp encryption overview whitepaper. So how is this implemented?

In a broader context the real question is of course: to what extent do we need to trust the implementations, i.e. the service providers? Honestly, it's strange to me that there's so much fuss over these services being end-to-end encrypted; it seems to me (NOT an expert on the protocol!) that it's easy enough for the service providers to eavesdrop, if they'd want to. They may not want or intend to, but for whomever privacy is important enough, it's still a liability.
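A simplified worked example of the out-of-band check the question describes (added here; it is not code from the question, from Signal, or from any of the named apps). It assumes each party holds a 32-byte public identity key; the keys, the hash iteration count and the digit layout are constructed for illustration and this is not Signal's safety-number algorithm. The point it shows: if the provider hands Alice a key other than Bob's, the number Alice reads out over the phone no longer matches the one Bob computes.

```python
import hashlib
import hmac


def key_fingerprint(identity_key: bytes, iterations: int = 5200) -> bytes:
    """Iterated SHA-256 over a public identity key.

    Iterating makes it costlier to search for a key whose fingerprint
    collides with a target's; the count is a constructed value.
    """
    digest = identity_key
    for _ in range(iterations):
        digest = hashlib.sha256(digest + identity_key).digest()
    return digest


def render_digits(digest: bytes, chunks: int = 6) -> str:
    """Render the first 30 bytes of a digest as six 5-digit groups."""
    groups = []
    for i in range(chunks):
        block = int.from_bytes(digest[5 * i:5 * i + 5], "big")  # 40 bits
        groups.append(f"{block % 100000:05d}")
    return " ".join(groups)


def session_fingerprint(own_key: bytes, peer_key: bytes) -> str:
    """Number both parties compute from the two keys they each hold.

    Sorting the two fingerprints makes Alice's and Bob's strings equal
    exactly when each of them holds the other's genuine key.
    """
    a, b = sorted([key_fingerprint(own_key), key_fingerprint(peer_key)])
    return render_digits(a) + " " + render_digits(b)


def fingerprints_match(mine: str, theirs: str) -> bool:
    """Constant-time comparison of the two rendered numbers."""
    return hmac.compare_digest(mine.encode(), theirs.encode())


def simulate(server_substitutes_key: bool) -> bool:
    """Constructed scenario: does the out-of-band comparison succeed?"""
    alice_key = hashlib.sha256(b"constructed alice identity key").digest()
    bob_key = hashlib.sha256(b"constructed bob identity key").digest()
    mitm_key = hashlib.sha256(b"constructed provider-held key").digest()
    # What the server delivers to Alice as "Bob's key".
    delivered = mitm_key if server_substitutes_key else bob_key
    alice_view = session_fingerprint(alice_key, delivered)
    bob_view = session_fingerprint(bob_key, alice_key)
    return fingerprints_match(alice_view, bob_view)
```

The comparison only protects the session if it happens over a channel the provider does not control, which is why the question's "call Bob" step matters.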