Photo Credit: WhatsApp
WhatsApp is set to soon roll out end-to-end encrypted cloud backups on Android and iOS. The new move will help users keep their chats end-to-end encrypted even when they are a part of WhatsApp backups stored on a cloud service such as Apple iCloud or Google Drive. WhatsApp has worked from scratch to enable anticipated end-to-end encrypted backup support for its users. Notably, the instant messaging app has been offering end-to-end encrypted messages on its platform since 2016, and the update is essentially an expansion of that level of security to chat backups.
Facebook CEO Mark Zuckerberg on Friday announced through a post on the platform that WhatsApp has completed building end-to-end encrypted backups and will soon begin rolling out the new layer of privacy and security protection to users.
The end-to-end encrypted backups will be available as an optional feature that users need to manually enable on the app. It will be rolled out to both Android and iOS devices in the coming weeks, the Facebook-owned company said.
Users will be able to enable end-to-end encryption for their chat backups on WhatsApp by creating a password that they will be required to restore their backup in the future. Alternatively, WhatsApp will also be able to use their 64-digit encryption key for authentication.
By enabling end-to-end encryption for backups, users will be able to protect their chat history from being accessed by any third parties. The company claims that neither WhatsApp nor the backup service provider including Apple and Google will have access to the end-to-end encrypted key and backups of users.
WhatsApp has been allowing users to keep their chat backups on Apple iCloud in case of iPhones and on Google Drive in case of Android phones. But in both cases, the backups stored in the cloud are not protected by an end-to-end encryption from the WhatsApp side. This means that the data could be read by a third party. It has brought some instances in which third parties including law-enforcement agencies might have gained user data access. This is where the new end-to-end encrypted backups could be helpful.
The level of security through the new feature will be identical to how WhatsApp messages are protected under end-to-end encryption. However, WhatsApp engineers need to work hard to implement the advancement — particularly considering the fact that there are more than two billion users on the app who send over 100 billion messages a day and most of them use cloud backups to protect their chat history.
With end-to-end encrypted backups, WhatsApp will encrypt the chat messages and all the existing messaging data including text, photos, and videos that is being backed up using a random key that will be generated on the device.
WhatsApp has built a Hardware Security Module (HSM) based Backup Key Vault that will come into effect when a user is opting for a personal password to protect their chat backups. This Vault service will save encryption keys for user backups on a per-user basis and work as a physical locker in your bank to store the keys that help keep backups secured with a user-provided password. It returns the key after validating your password each time when you need to restore your end-to-end encrypted backup. The service also ensures that the encryption key won't be provided after a certain number of unsuccessful attempts.
To avoid data centre outage issues, WhatsApp says that it is keeping the Backup Key Vault service geographically-distributed across multiple data centres.
“Because the backups are encrypted with a key not known to Google or Apple, the cloud provider is incapable of reading them,” WhatsApp said in a whitepaper.
It is important to note that if a user forgets their password and loses access to their phone, they will not be able to recover their encrypted backup.
In case a user is not opting for the password option for their end-to-end encrypted backups and are using a 64-digit key instead, they will be required to manually enter the key on the app to decrypt and access their backups.
WhatsApp was initially spotted bringing end-to-end encrypted backups on its platform in July. Last month, the app was also found to be working on extending end-to-end encryption to local backups, though there is no official word on its rollout.
That said, the end-to-end encrypted backups feature will initially reach beta testers on Android and iOS in the coming days — before reaching end users.