Facebook-owned WhatsApp has completed building end-to-end encrypted backups for chats and will soon roll out this extra feature for privacy as an option to users. The company claims that with the new end-to-end encrypted chat backups, no other competing messaging service can provide this level of security concerning users’ chat and media data. The backup facility will be released as an optional feature and in the coming weeks, the new update will be functional to both iOS and Android users.
"We are announcing this now to provide the broader technical community with our approach before it's available to our beta testers and eventually everyday users. In the coming weeks, we will be adding end-to-end encrypted backups as an additional layer of security for those who want it," the company said in a statement. “If someone chooses to back up their chat history with end-to-end encryption, it will be accessible only to them, and no one will be able to unlock their backup, not even WhatsApp,” the company added.
WhatsApp head Will Cathcart said in his tweet that the company is providing options for users to remember a 64-bit key or choose a password that neither the company nor Apple or Google can know and access to successfully enable the encryption.
“WhatsApp believes free societies need the best security to protect people. Billions of people now have sensitive digital information like their private messages — and that information is at an increased risk of being stolen by hackers, criminals, and even hostile states themselves,” Cathcart said in his series of tweets. He mentioned that the company's main feedback from people is that they want WhatsApp to collect lesser data and offer even more privacy. Hence, this update is an important move.
The move is being looked at as a step towards closing a loophole that allowed user chats to be out of protection and could, therefore, be accessed by a third party affecting the user’s privacy. This add-on is specifically important in India since WhatsApp lost trust among its users. This was after the privacy backslash this year when Facebook purchased the company, and many users switched to other messaging services such as Telegram and Signal.
How end-to-end encryption backup is better than the existing chat backup feature?
Most WhatsApp users create backups of their chats, which include text messages, photos, videos, and documents shared on the messaging platform. As the content of message chats is valuable to its users, WhatsApp offers an in-app backup feature to protect the content in the event a user’s device is lost or stolen. This feature aids the transfer of their chat history to a new device without any loss of data.
While WhatsApp’s chat service is end-to-end encrypted, it earlier depended on cloud partners like Google Drive or iCloud to store backups of WhatsApp data. In its statement about this latest update, the company said that once the chats were uploaded to Google Drive or iCloud, they were out of the encryption channel and weren’t private anymore. In several cases, armed with a warrant, law enforcement agencies across the world have been able to gain access to WhatsApp chats through backups stored on these cloud services. Hence, this end-to-end encryption backup was necessary.
How can users enable the encrypted backup option?
Once the service is rolled out later this year, the users will get an option to turn on encryption for their backups. Once a user decides to encrypt the backup, a 64-digit key will be generated — this key will be necessary for the backup to be restored at a later point in time. Here, the user will have two options — either they can store the 64-digit key themselves for safekeeping or use WhatsApp’s new HSM Backup Key Vault to store their key with a password.
It is essential to note that in case the password, or the 64-digit key, or the device through which the key was generated is lost, the user will lose access to the backup. The encryption of the backup will happen before it is uploaded to one of the two cloud services and will stay there as an encrypted file that will be accessible only with the use of the 64-digit key.
Whenever someone tries to retrieve their backups, they will enter their password. Once the password is verified by the Backup Key Vault, it will send the encryption key back to the WhatsApp client. With the key in hand, the WhatsApp client can then decrypt the backups. Alternatively, if a user has chosen to use the 64-digit key alone, they will have to manually enter the saved key to decrypt and access their backups.
Moreover, WhatsApp will also duplicate your key five times, storing each copy in five different data centers across different geographies, effectively ensuring that if one data center suffers an outage, you can still access your chat history.
What could be the impact of this feature?
This feature comes at a time when WhatsApp was already facing challenges in governments. The new option is expected to give users greater privacy and protection against snooping. However, governments across the globe have been seeking to push back against encryption technology.
They have been setting up conflicts about privacy protection between technology companies and governments. The Indian government, in its IT rules, announced this year, mandated significant social media intermediaries (those with more than 50 lakh users) to reveal the originator of a message.
WhatsApp has challenged the IT rules in court, calling them unconstitutional. “Some governments continue to suggest using their powers to require companies to offer weaker security. We think that’s backward: we should demand more security from companies for people’s sensitive information, not less,” replied Cathcart.
To sum up
Although WhatsApp's latest security measure is highly welcomed, concerns still swirl over the kind of information it shares with Facebook and Facebook's third-party companies – specifically relating to the metadata it collects.
Other messaging apps like Signal, for instance, have entirely circumvented the issue of users' chats becoming compromised by not storing any of them on cloud backups at all. However, for those insistent on having a safe and secure backup of their chats, using WhatsApp could be the best option.