WhatsApp’s cloud backups get end-to-end encryption

Facebook is tightening WhatsApp’s security by extending end-to-end encryption (E2EE) to cloud backups via an update to the app on iOS and Android. This was already allowed on local WhatsApp backups, but the company will extend these security tools to online backups made to iCloud and Google Drive.

“Starting today, we are making available an additional, optional layer of security to protect backups stored on Google Drive or iCloud with end-to-end encryption. No other global messaging service on this scale offers this level of security for their users’ messaging, media, voice messages, video calls and chat backup,” the WhatsApp team shared this week.

It is an optional feature and users can enable it in WhatsApp settings when it is available. While WhatsApp’s link to Facebook means it carries the company’s stigma around privacy and security, the service has always been surprisingly secure. Person-to-person chats are secured by the same end-to-end encryption protocol as Signal, while the only loophole was with online chats. With this rollout, the company would close that and increase its privacy profile.

WhatsApp multi-device support image laptop, display, tablet
Facebook Tech Blog

“To enable E2EE backups, we developed an entirely new encryption key storage system that works with both iOS and Android. When E2EE backups are enabled, backups are encrypted with a unique, randomly generated encryption key. People can choose to protect the key manually or with a user password,” the WhatsApp team explained in September. “If someone chooses a password, the key is stored in a Backup Key Vault built from a component called a hardware security module (HSM) – specialized, secure hardware that can be used to securely store encryption keys. When the account owner needs access to their backup, they can access it with their encryption key, or they can use their personal password to retrieve their encryption key from the HSM-based backup key vault and decrypt their backup.”

Facebook’s other messaging services, Messenger and Instagram Direct, do not yet offer end-to-end encryption by default. Instead, the company offers a discreet private mode on Messenger for people who want their conversations and chats secured. With Facebook planning to eventually merge all three services, it seems more likely that the company plans to make end-to-end encryption the standard at some point in the future.

Editor’s Recommendations

Leave a Comment