WhatsApp, the world’s most popular messaging app has announced that its two billion users will be able to encrypt their chat backups to the cloud, stopping one of the most insidious ways that private communication between people on the app can be compromised. This was announced on Friday, 10th of September 2021, by Mark Zuckerberg, the CEO of Facebook, who stated that WhatsApp will permit users to add an extra layer of security to their message logs.
“We’re introducing another layer of privacy and security to WhatsApp: end-to-end encryption for backups customers choose to keep in Google Drive or iCloud.” He wrote on Facebook, adding that WhatsApp is the only global messaging service of this scale to offer end-to-end encrypted messaging and backups.
When a WhatsApp user switches phones, the app’s end-to-end encryption means that all of their previous chat histories from the previous phone is lost unless they create an unencrypted backup on a cloud service. The company claims to have developed a mechanism that allows WhatsApp users on Android and iOS to encrypt their chat backups and said it would provide users with two options for encrypting their cloud backups, both of which are optional.
WhatsApp product manager Calvin Pappas says, “We’ve been working on this topic for many years, and to build this, we had to construct a completely new framework for key storage and cloud storage that can be used across the world’s largest operating systems.”
WhatsApp users will be able to obtain a 64-digit encryption key to lock their chat backups in the cloud in a few weeks.” Users have the option of either saving the encryption key offline or in their preferred password manager, or they can create a password that backs up their encryption key in WhatsApp’s cloud-based “backup key vault.” Without the user’s password, which WhatsApp does not know, the cloud-stored encryption key cannot be utilized.
“We recognize that some customers prefer a 64-digit encryption key while others want something easy to remember, so we’ll provide both options, a WhatsApp spokesperson stated”. Once a user has set a backup password, we have no way of knowing what it is. They can reset it on their original smartphone if they forget it,”
“For the 64-digit key, we will tell users numerous times when they sign up for end-to-end encrypted backups that we will not be able to restore their backup if they lose their 64-digit key and that they should write it down,” – Calvin Pappas
We’ll prompt consumers to confirm that they’ve saved their password or 64-digit encryption key before the setup is complete. This decision to provide an extra layer of privacy is substantial and might have far-reaching consequences.
WhatsApp also stated that this optional functionality will be available in all markets where the app is available. For legal and regulatory reasons, it’s not uncommon for corporations to withhold privacy features. Users in totalitarian countries such as China, Belarus, Egypt, Kazakhstan, Saudi Arabia, Turkmenistan, Uganda, and the Philippines, for example, will not be able to access future encrypted browsing functions from companies like Apple.
Governments continue to fight for backdoors, making end-to-end encryption a contentious issue. After the FBI complained, Apple was pressed to not add encryption to iCloud Backups, and while Google has provided customers with the opportunity to encrypt data saved in Google Drive, the company allegedly did not notify governments before implementing the feature. This is because, unless there is a court order, an end-to-end encrypted transmission cannot be handed over to law enforcement or spied on by them if it comes knocking.
WhatsApp has also included a few extra security features. If you make too many incorrect password attempts, the key will become “permanently inaccessible,” a safeguard against brute force attacks. Furthermore, the service replicates your key in HSM-based Backup Key Vaults across five geographically dispersed data centres, ensuring that you can still access your chats if one of them goes down.
WhatsApp software engineering manager Slavik Krassovsky adds, “Redundancy is vital.” “We don’t want someone’s ability to recover their end-to-end encrypted backup and decode their chat history if a data centre, or even a machine or network switch in a data centre, goes down.”
Why Is End To End Encryption So Important?
1. End-to-end encryption (E2EE) ensures data security and protects personal information from illegal access. Authorities aim to acquire access to these hidden virtual places, even though robust encryption is a plus for data protection. They want to be able to read encrypted messages and data to catch criminals in the act sooner. However, because the keys required to decode messages are lost, E2EE makes it impossible to monitor or eavesdrop on messages. As a result, data kept in a Team Drive cloud is so secure that even the provider does not have access to it.
2. Another advantage of end-to-end encrypted messages is that they are unreadable by anybody other than the intended recipient and the message cannot be modified. This ensures that your communication is not tampered with. If you receive a decrypted message, you can be confident that it is the same message that was sent to you and that it has not been tampered with in transit.
Did you enjoy this post? Never miss out on any of our future posts by »