By now you’ve probably exchanged a few dozen messages on WhatsApp, right? And imagine that your privacy is secure thanks to end-to-end encryption, implemented in 2016, and that your backup is also secure in the cloud in case your phone fails. But did you know that, to this day, the messaging app doesn’t encrypt your backup?
Whether on Google Drive or iCloud, messages are protected only by Google and Apple’s security system when they reach the cloud. This Friday (10), however, that will change. In the coming weeks, WhatsApp will start implementing an extra layer of security over messages, now also backed up.
Even before backing up to the cloud, WhatsApp will ask you if you want to enable encryption. As a result, neither the cloud service nor WhatsApp itself will be able to access your messages, whether text, photos, audio or videos.
When end-to-end encryption was implemented in the app, the technical ability to extend it to backups was not yet available, the company says in a note emailed to Tilt.
“WhatsApp is the first global messaging service of this scale to offer end-to-end encryption of messages and backups,” said Mark Zuckerberg, owner of Facebook (who owns WhatsApp) on his network profile. “Achieving this was a very difficult technical challenge that required an entirely new framework for key storage and cloud storage in operating systems.”
How will it work
From now on, the app will ask you if you want to enable this layer of security before saving your messages to the cloud provider. The function will be optional and will be available for both Android and iOS.
To enable encryption, the user will have to create a password in order to access the 64-digit key that unlocks encryption. Only with this key will it be possible to access the messages in the backup. If you switch phones, you’ll need it to retrieve messages on a new phone.
What is end-to-end encryption?
This type of security layer allows the message to be seen only by the sender and the recipient. Even if the message is intercepted, it cannot be read by a third party. It’s like it’s inside a safe that only you and the recipient have the combination.
Not the entire path of the message, however, remains secret. Everything that is sent and received can be recorded on the mobile phones of senders and recipients, even with encryption being extended for backup.
It doesn’t help for the app to add new layers of security to the storage if the device is stolen and doesn’t have strong locks and passwords. In this case, anyone can access the conversations.