WhatsApp has provided state-of-the-art encryption since 2016 and prides itself on that very fact. The messaging service itself has no access to the users’ messages unless they are reported. However, cloud backups were another matter altogether.
This is not to say that a chat that has been backed up is completely insecure, but it is out of both WhatsApp’s jurisdiction and control. Backups on iCloud or Google Cloud are not end-to-end encrypted, which means it is at Apple’s or Google’s discretion whether to hand them over to law enforcement if it comes knocking.
Or was, anyway. Now, the messaging service has a new framework, which allows all users to choose to encrypt a chat before it reaches the cloud. Your chats, photos and videos would exist only as encrypted data on the cloud and only you would have the key and/or the password to decipher it.
When the account owner needs access to their backup, they can access it with their 64-character encryption key, or they can use their personal password to retrieve their encryption key from the HSM-based Backup Key Vault and decrypt their backup.
There is an additional layer of safety. Too many wrong password attempts and the key will become “permanently inaccessible,” a measure designed to prevent so-called brute-force attacks. And the service replicates your key in HSM-based Backup Key Vaults across five geographically disparate data centres, to ensure you can still access your chats even if one of them has an outage.
For this reason, the Facebook-owned service has made this feature optional, letting the user choose what is more important to them: the added layer of security or the surety that their interactions will not disappear.
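The password path and the attempt limit described above can be modelled in a few lines. This is an added sketch, not WhatsApp's code or protocol: the class name, the five-attempt limit, the counter reset on success, the hex form of the 64-character key and the stored password verifier are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumed limit; the article does not give the real number


class KeyDestroyed(Exception):
    """The vault has erased the key; the password path is closed for good."""


class ToyBackupKeyVault:
    """In-memory stand-in for one vault record (hypothetical, not WhatsApp's design)."""

    def __init__(self, password: str):
        self._salt = secrets.token_bytes(16)
        self._verifier = self._derive(password)
        self._key = secrets.token_bytes(32)  # 32 random bytes -> 64 hex characters
        self.attempts_left = MAX_ATTEMPTS

    def _derive(self, password: str) -> bytes:
        # Slow, salted hash so the record never holds the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def retrieve(self, password: str):
        """Return the backup key as hex, or None on a wrong password."""
        if self._key is None:
            raise KeyDestroyed("key permanently inaccessible")
        # Constant-time comparison avoids leaking how close a guess was.
        if hmac.compare_digest(self._derive(password), self._verifier):
            self.attempts_left = MAX_ATTEMPTS  # assumed: success resets the counter
            return self._key.hex()
        self.attempts_left -= 1
        if self.attempts_left == 0:
            # Erase the key: from here on even the correct password fails,
            # which is what caps an online guessing attack at MAX_ATTEMPTS tries.
            self._key = None
        return None


if __name__ == "__main__":
    vault = ToyBackupKeyVault("constructed sample password")
    print(len(vault.retrieve("constructed sample password")))  # key length in characters
    for n in range(MAX_ATTEMPTS):
        vault.retrieve(f"wrong-{n}")
    try:
        vault.retrieve("constructed sample password")
    except KeyDestroyed as exc:
        print("locked out:", exc)
```

The trade-off in the paragraph above is visible here: once the key is erased, only a user who saved the 64-character key separately can still decrypt the backup.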
“We’ve been working on this problem for many years and to build this, we had to develop an entirely new framework for key storage and cloud storage that can be used across the world’s largest operating systems,” says WhatsApp product manager Calvin Pappas.
Although WhatsApp recently announced support for multiple devices, you’ll only be able to create encrypted backups on your primary device.
The feature will be rolled out soon via updates for all users.