WhatsApp Cloud Backups to Get End-to-End Encryption

WhatsApp Enhances User Privacy with Encrypted Cloud Backups

WhatsApp announced on Friday a new feature offering its two billion users the ability to encrypt their chat backups stored in the cloud. This represents a substantial advancement in safeguarding user communication on the platform.

For over ten years, the Facebook-owned service has provided end-to-end encryption for direct chats between users. However, previously, users were required to store their chat backups on cloud services – specifically iCloud for iPhone users and Google Drive for Android users – without encryption.

The Vulnerability of Unencrypted Backups

Accessing these unencrypted WhatsApp chat backups residing on Google and Apple servers has long been a recognized method for law enforcement agencies worldwide to obtain access to the conversations of individuals under investigation.

This practice has presented a significant privacy concern for users. The lack of encryption on backups created a potential point of compromise.

Addressing the Weak Link

WhatsApp is now addressing this security gap with the introduction of end-to-end encrypted backups. This change effectively closes a key vulnerability in the system.

“WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups,” stated Facebook’s CEO, Mark Zuckerberg, in a public announcement. “Achieving this was a complex technical undertaking, necessitating a completely new framework for key storage and cloud storage across different operating systems.”

Technical Challenges Overcome

The implementation of this feature involved overcoming considerable technical hurdles. A new infrastructure was required to manage key storage and ensure secure cloud storage compatibility across various operating systems.

This update signifies a commitment to providing users with a more secure and private messaging experience. It strengthens the overall security architecture of the WhatsApp platform.

Securing Your WhatsApp Chat Backups with Encryption

WhatsApp has announced a new system empowering users on both Android and iOS platforms to safeguard their chat backups using encryption keys. This feature, offered as an optional enhancement, allows for increased privacy and control over personal data.

Within the next few weeks, WhatsApp users will be presented with a choice: generate a 64-digit encryption key or create a password. This key will be used to lock their chat backups stored in the cloud.

Key Management Options

Users have flexibility in how they manage their encryption key. It can be securely stored offline, within a preferred password manager, or backed up using a password within a newly developed cloud-based “backup key vault” created by WhatsApp.

Crucially, even when utilizing the cloud-based key vault, WhatsApp itself does not have access to the user’s password. This ensures that the encryption key remains under the user’s sole control.

“We recognize that user preferences vary,” stated WhatsApp. “Some will favor the security of a 64-digit key, while others will appreciate the convenience of a memorable password. Both options will be available.”

Should a user establish a backup password, it will remain inaccessible to WhatsApp. The password can be reset directly on the originating device if forgotten.

Important Considerations for Key Preservation

For those opting for the 64-digit encryption key, WhatsApp will provide repeated notifications emphasizing the importance of securely recording the key.

Users will be explicitly informed that losing this key will render their backup unrecoverable. Confirmation will be required before setup completion, verifying that the password or encryption key has been safely saved.

According to a WhatsApp spokesperson, the implementation of encrypted backups will automatically trigger the deletion of any pre-existing, unencrypted backup copies. “This process will occur automatically, requiring no intervention from the user,” the spokesperson clarified.

Concerns Regarding Potential Regulation

The implementation of this enhanced privacy measure represents a substantial development with potentially widespread consequences.

End-to-end encryption continues to be a complex subject, as governmental entities persistently advocate for the inclusion of backdoors. Reports indicate that Apple faced pressure to refrain from implementing encryption for iCloud Backups following objections from the FBI.

While Google has provided users with the capability to encrypt their data stored within Google Drive, the company is alleged to have not informed governments prior to the feature's release.

When questioned by TechCrunch regarding consultations with government bodies, or whether support had been secured, during the development of this feature, WhatsApp declined to comment on any such discussions.

“User messages are inherently private, and as more aspects of our lives transition online, we believe companies should prioritize enhancing the security offered to their users. This feature empowers users to opt for an additional layer of security for their backups, and we are pleased to deliver this meaningful improvement to the safety of personal messages,” a WhatsApp spokesperson stated to TechCrunch.

WhatsApp has also affirmed that this optional feature will be deployed across all markets where its application is available. It is not unusual for companies to restrict the availability of privacy features due to legal and regulatory constraints.

For example, Apple’s forthcoming encrypted browsing feature will not be accessible to users in specific authoritarian nations, including China, Belarus, Egypt, Kazakhstan, Saudi Arabia, Turkmenistan, Uganda, and the Philippines.

This announcement follows a recent ProPublica report revealing that private, end-to-end encrypted conversations between users can be accessed by human contractors when messages are flagged by users.

“Achieving fully encrypted backups is a significant technical challenge, particularly ensuring reliability and ease of use. No other messaging service operating at this scale has implemented this level of security for user messages,” Uzma Barlaskar, WhatsApp’s product lead for privacy, explained to TechCrunch.

Development Challenges

• A novel framework for key storage and cloud storage was developed.
• This framework is compatible with the world’s leading operating systems.
• The development process required considerable time and resources.

“We have dedicated many years to addressing this problem, and the creation of this feature necessitated the development of an entirely new infrastructure,” Barlaskar added.