A feature that WhatsApp began testing in early July is expected to roll out to all users “in the coming weeks,” according to a company spokesperson. Chat backups will now be protected by encryption, as the service's messages have been since 2016.
The feature will likely debut with the next app update, but there’s no timeline for it just yet. When deployed, users will be able to choose to create a 64-bit encryption key to protect chat backups which can be stored manually or accessed on the server side with a password.
WhatsApp encryption expected to cover chat backups with next app update
WhatsApp has become popular as a leading privacy-focused messaging app due to its strong encryption, and end-to-end encryption has been applied by default to all messages since 2016. That is not currently the case with chat backups, however, which are stored in Google Drive or iCloud (depending on the device) with no encryption option.
The next update will change this, but will require users to opt in. The application will offer users the choice of how to manage the 64-bit encryption key that will be generated to protect chat backups: it can be stored locally, or stored in the cloud and protected by a separate password (different from the one used to log in to the application). Chat backups will be encrypted locally on the device before being sent to iCloud or Google Drive for storage, meaning that a subpoena to Apple or Google won’t be of much help for those files.
WhatsApp and Google Drive / iCloud will not be able to view or access chat backups once encryption is enabled, but users who choose to store their key locally will need to be careful not to lose it. If the encryption key is lost, access to chat backups is also lost permanently. If users opt for password protection instead, there is more flexibility but also a low risk of a breach exposing login credentials at any given time. Still, the password situation would be a significant improvement over the complete lack of encryption in this area today.
WhatsApp also recently announced that it will support syncing multiple devices (up to four) via a phone, which would allow the service to continue to be used on those devices if the phone app is not available for some reason. Encryption will not be available for chat backups on these synced devices; all chat sessions outside of the smartphone app will apparently remain unencrypted if saved.
A closed encryption flaw for law enforcement
The move threatens to shut down one of law enforcement’s favorite ways of bypassing the encryption. WhatsApp automatically backs up chats to the local device every day, and less sophisticated users who download it often follow prompts that set up regular Google Drive or iCloud backups. These users may not know that unencrypted backups of messages are regularly performed; you have to go to the “Settings” menu of WhatsApp to disable backups to cloud services or reduce the frequency once they are activated.
The move will also likely give WhatsApp an edge in the market for casual convenience-oriented users who don’t necessarily care about law enforcement access to messages. The app’s main rivals in the privacy and security space, Telegram and Signal, don’t automatically save chats. Encrypted chat backups can be enabled in Signal, but require a 30-character passphrase to restore.
Global deployment of end-to-end encryption for chat backups
Another cool feature of this update is that WhatsApp says it is rolling it out globally, even in markets where local laws prohibit end-to-end encryption or require that the government be given access through a backdoor. WhatsApp was banned in China for this reason in 2017, with the CCP demanding that Facebook provide backdoor access and the power to moderate messages. The messaging app has around two million users in the country, however, who continue to access it (and Facebook) via VPN.
While WhatsApp’s end-to-end encryption is strong and widely regarded as a means of protecting privacy while messaging, this story points out that there are some limitations and some of them go unanswered. WhatsApp allows message recipients to report encrypted messages after they have been decrypted, allowing company moderators to examine them for possible violations of platform rules. There are also many rumors that Facebook is looking to develop an AI capable of inferring something from the content of encrypted messages so that relevant ads can be served alongside them.