WhatsApp is Rolling Out End-To-End Encryption For Cloud Backup Soon

Wait, weren’t all our WhatsApp conversations end-to-end encrypted – which meant nobody, not even WhatsApp can know what’s inside the encrypted message.

Yes, it’s true. WhatsApp already has end-to-end encryption for messages, which means that only the sender and receiver can view the content being shared. However, computer experts and privacy advocates have noted that there are still flaws in this structure for WhatsApp users. Even if others can’t view the exact message, metadata associated with the messages, such as time, date, and location stamps, can reveal some information. I read about this online when I was exploring Spectrum Cell Phone Service in my area. Shocking isn’t it!

Then, there is this major flaw – the inability to encode messages saved to the cloud. A law enforcement organization has been known to gain access to a suspect’s WhatsApp communications by retrieving messages from the cloud backup. So yeah, WhatsApp messages aren’t that completely encrypted.

Things are Changing

Not to worry, WhatsApp’s encryption is changing and improving.

As per a whitepaper released by WhatsApp, Users will receive a unique generated encryption key (which only WhatsApp will know) before storing messages to a cloud server whether it’s Google Drive or iCloud. They will then have the option to set a password or supplementary encryption key (which will be unknown to WhatsApp).

The concept is compared to a bank safe deposit box where the customers will have sole access to their backup message box using the second password or key, where the first encryption key will act as a safety net for those who forget the one they had generated. According to a WhatsApp representative, after the encrypted backup is saved in the cloud, the app will instantly remove any prior backups.

The news comes just days after ProPublica launched an investigation into WhatsApp’s privacy policy. Turns out the company has an “extensive surveillance operation” that allows contractors to view unencrypted messages for moderation reasons if they have been “identified by users and automatically forwarded to the company as potentially abusive.” They also mentioned WhatsApp’s participation in releasing user data – this was a case against a federal employee who had leaked information to the media.

WhatsApp’s HSM Explained

WhatsApp will store the linked key in an HSM – physical hardware security module. This will be maintained by Facebook and will only be unlocked when the right password is provided in WhatsApp. For encrypting and decrypting digital keys, an HSM functions like a safe deposit box.

The HSM will supply the encryption key to decrypt the account’s backup stored on the cloud server once it is unlocked using the associated password in WhatsApp. Repeated password attempts will render a key stored in one of the HSM vaults permanently unavailable. To protect against internet outages, the hardware is housed in data centers of Facebook throughout the world.

This system has been designed to ensure that no one other than the account owner has access to the backup. The purpose of allowing individuals to set simpler passwords is to make encrypted backups easier to access. WhatsApp will only be aware of the existence of a key in the HSM, not the key itself or the password used to unlock it.

When Is the End-To-End Encryption For Cloud Backup Rolling Out?

WhatsApp is expected to release the backups on Android as well as iOS soon in the future. Users will be able to maintain their discussions encrypted even if they are part of the backups saved on a popular cloud service thanks to the new approach.

This new rollout will be an optional opt-in feature which means you will have to enable it manually from within the app. As per the company, this update will be available on Android+iOS devices anytime soon.

WhatsApp will encrypt chat messages and any existing messaging data, including text, videos, as well as photos that are being backed up using a random key created on the device provided that the end-to-end encrypted backup is enabled. Once this feature is out, be sure to opt in to protect your messages while they are stored on the cloud.

Final Words

The announcement of this update means WhatsApp’s service is going one step more secure than Apple, which encrypts iMessages but retains the keys to encrypted backups. this means Apple can help with recovery, but it may also be forced to hand over the keys to law authorities. According to the head of WhatsApp, the company has been working on encrypting backups for a couple of years, and while they are now opt-in, they hope in the future, it covers everyone by default.