Facebook’s WhatsApp on Thursday began a global rollout of end-to-end (E2E) encryption for message backups, which offers Android and iOS users with the ability to protect WhatsApp messages stored in Google Drive and Apple iCloud.
WhatsApp claims no other similarly large global messaging service provides E2E encryption for users’ stored communications and media – WhatsApp has more than 2bn users and in some regions serves as the de facto communications platform. Parent company Facebook said last month that WhatsApp would be deploying E2E encryption for backups.
WhatsApp introduced default E2E encryption for messages in 2016, meaning WhatsApp message content could not be read if intercepted while in transit over the network. Such messages get decrypted on the user’s device to make them readable. That’s one reason why attackers exploited a WhatsApp software vulnerability in 2019. The incident underscores the limits of encryption.
Last month, the fact that WhatsApp messages exist in a readable form when accessed by users prompted ProPublica to question the integrity of WhatsApp’s security. The news organization’s report was quickly dismissed by security experts who observed that the existence of a mechanism for users to report illegal content that they can view on their own devices does not amount to a flaw in the system.
While encryption isn’t sufficient on its own to guarantee security, its availability for WhatsApp backups closes a gap in the communications chain. Now those who wish to keep copies of their messages off their devices can do so with less concern of message exposure due to a cloud service security incident or unwanted account access.
Most significantly, WhatsApp is allowing users to manage their own encryption key. When service providers retain key control, they can be required to provide them to authorities. And service providers also become a particularly appealing target for cybercriminals if they store customers’ keys.
64 and done, if you use it
“You can now secure your end-to-end encrypted backup with either a password of your choice or a 64-digit encryption key that only you know,” the messaging company said in a blog post. “Neither WhatsApp nor your backup service provider will be able to read your backups or access the key required to unlock it.”
WhatsApp E2E encrypted backup is not on by default, however; users must activate it via the following menu path:
Settings > Chats > Chat Backup > End-to-end Encrypted Backup. Thereafter, users must create a password or key, whereupon they become responsible for securing their key and being able to recall it when needed. That’s an obligation not everyone is prepared to handle.
To further complicate matters, iOS users using iCloud Backup for their iPhone are storing their WhatsApp messages in their decrypted form – though they may be subsequently encrypting those files via Apple’s Encrypt Backup option (for which Apple manages the key). Those who’d prefer to keep their WhatsApp messages locked up with their own key should disable automatic iCloud Backup, so WhatsApp messages don’t get copied to the cloud before encryption can be applied.
Notably absent from WhatsApp’s encrypted backup system is any sort of on-device scanning for illegal material, a scheme Apple planned to implement until the online security community rose up in opposition.
In August, when Apple was being criticized for proposing to run its child sexual abuse material (CSAM) monitoring code on customers’ devices, WhatsApp CEO Will Cathcart said WhatsApp managed to make more than 400,000 reports to the National Center for Missing and Exploited Children (NCMEC) last year without breaking encryption.
“I think [Apple’s CSAM scanning proposal] is the wrong approach and a setback for people’s privacy all over the world,” he said via Twitter. “People have asked if we’ll adopt this system for WhatsApp. The answer is no.” ®