WhatsApp has announced that it will begin offering end-to-end encryption on chats backed up to Google Drive and iCloud on Android and iOS phones. This comes after the messaging service was discovered to be testing encrypted backups in WhatsApp beta for Android in early summer. WhatsApp has offered end-to-end protection by default on messages since 2016 (although some might beg to differ), but backed-up messages have not been encrypted.
Up until this point, unencrypted chat backups have been a weak link in WhatsApp’s security arsenal, with law enforcement agencies worldwide often accessing the backed-up chats of suspect individuals for evidence. This should come as a welcome change for the billions of users who want safe access to their old WhatsApp chats without worrying that everyone else has it too.
How it will work
To keep backups encrypted, WhatsApp developers have created a brand new system for encryption key storage. On both iOS and Android, backups will be encrypted with a unique, randomly generated, 64-bit encryption key. People will have two options for keeping this key secure: protecting it with a password or securing it manually.
If someone chooses to secure the key with a password, it will be stored in a form of hardware security module (HSM) — a type of hardware used for storing encryption keys securely — called a Backup Key Vault. When the user enters their password correctly, the key will be retrieved to decrypt their backup. Users will have only a limited number of chances to enter their password, and the key will be rendered inaccessible after too many unsuccessful attempts. WhatsApp will not have access to the encryption key.
The other option is to store the 64-bit encryption key yourself and enter it manually each time you want to access your backup. The downside is that if you lose your encryption key, you won’t be able to access your backup. If you forget your password, however, you do have the option of resetting it.
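The password option described above depends on the vault limiting guesses, since a human-chosen password is far easier to guess than a random key. The following is an added example, not WhatsApp's code or protocol: a simplified Python model of an attempt-limited key vault. The class and method names, the limit of 5 attempts, the 32-byte key size and the PBKDF2 parameters are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumed limit; the article does not give a number


class BackupKeyVault:
    """Toy model of an attempt-limited key vault (hypothetical, not WhatsApp's design)."""

    def __init__(self):
        self._records = {}

    @staticmethod
    def _derive(password, salt):
        # Slow KDF; the 64-byte output is split into a wrapping pad and a MAC key.
        out = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000, dklen=64)
        return out[:32], out[32:]

    def register(self, user, password, backup_key):
        if len(backup_key) != 32:
            raise ValueError("this example wraps 32-byte keys only")
        salt = secrets.token_bytes(16)  # fresh salt, so the pad is never reused
        pad, mac_key = self._derive(password, salt)
        wrapped = bytes(a ^ b for a, b in zip(backup_key, pad))
        tag = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
        self._records[user] = {"salt": salt, "wrapped": wrapped,
                               "tag": tag, "left": MAX_ATTEMPTS}

    def retrieve(self, user, password):
        rec = self._records.get(user)
        if rec is None or rec["wrapped"] is None:
            raise PermissionError("backup key is permanently inaccessible")
        pad, mac_key = self._derive(password, rec["salt"])
        expected = hmac.new(mac_key, rec["wrapped"], hashlib.sha256).digest()
        if hmac.compare_digest(expected, rec["tag"]):
            rec["left"] = MAX_ATTEMPTS  # a correct password resets the counter
            return bytes(a ^ b for a, b in zip(rec["wrapped"], pad))
        rec["left"] -= 1
        if rec["left"] == 0:
            rec["wrapped"] = None  # destroy the wrapped key: no more guesses
        return None


if __name__ == "__main__":
    vault = BackupKeyVault()
    key = secrets.token_bytes(32)  # constructed sample key
    vault.register("alice", "correct horse", key)
    print(vault.retrieve("alice", "wrong guess"))           # None, 4 attempts left
    print(vault.retrieve("alice", "correct horse") == key)  # True
```

In this model the guess limit holds only because the record never leaves the vault; anyone who could copy the wrapped key and salt out of it could guess passwords offline without limit, which is why the article's design keeps the key inside hardware.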
While this is great news for WhatsApp users who want to back up their chat history safely, it’s worth noting that encryption — while incredibly important — does not necessarily guarantee complete privacy. The company still has access to messages that have been flagged by users or automatically forwarded. Some experts believe this is a function that cyber criminals could potentially abuse. WhatsApp also has unencrypted access to a great deal of user metadata — including phone numbers, IP addresses, hardware models, OS information, and browser information — that can reveal a lot about a user’s activity.
Cora is a digital copywriter for SSLs.com. Having eight years of experience in online content creation, she is a versatile writer with an interest in a wide variety of topics, ranging from technology to marketing.