Reading Time: 3 minutes
WhatsApp users can now encrypt their chat backups in Cloud, putting an end to the tricky ways private data could be compromised.
WhatsApp chats are end-to-end encrypted but users never had the option of storing their chat backup on the Cloud ie. iCloud for iPhones and Google Drive for Android in an unencrypted format.
For many years law enforcement agencies across the world used these unencrypted WhatsApp chat backups on Google and Apple servers to access chat conversations of suspect individuals.
With the latest feature, WhatsApp will further secure this weakness in its system.
Mark Zuckerberg, Facebook chief executive in a blog post said, “WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems.” said Facebook’s chief executive Mark Zuckerberg said in a post announcing the new feature.
Store WhatsApp chat backup with own encryption keys
Users will now be able to store their chat backup on Android and iOS with their own encryption keys. WhatsApp will provide users two ways to encrypt their cloud backups, and the feature is optional.
WhatsApp users will soon get an option in the coming weeks, to generate a 54 digit encryption key to lock their chat backups in the cloud. You can either store the encryption key offline or in a password manager you like.
Users can also create a password to back up their encryption key in a cloud-based “backup key vault” developed by WhatsApp. One cannot use the cloud-stored encryption key without using the user password, this is not known by WhatsApp.
According to WhatsApp, “We know that some will prefer the 64-digit encryption key whereas others want something they can easily remember, so we will be including both options. Once a user sets their backup password, it is not known to us. They can reset it on their original device if they forget it”
WhatsApp further added, “For the 64-digit key, we will notify users multiple times when they sign up for end-to-end encrypted backups that if they lose their 64-digit key, we will not be able to restore their backup and that they should write it down. Before the setup is complete, we’ll ask users to affirm that they’ve saved their password or 64-digit encryption key.”
According to WhatsApp once the encrypted backup is created, previous versions of the backup will get deleted. All this will take place automatically and users will need to take no action.
Is this a Good Decision?
The topic of end-to-end encryption has been a cause for concern amongst many governments across the world. Law agencies have always been unhappy with it as they are finding it difficult to find backdoors in encrypted data.
Whatsapp on the other hand while talking to Techcrunch said, “People’s messages are deeply personal and as we live more of our lives online, we believe companies should enhance the security they provide their users. By releasing this feature, we are providing our users with the option to add this additional layer of security for their backups if they’d like to, and we’re excited to give our users a meaningful advancement in the safety of their personal messages.”
Apple has also been pressured not to add encryption to iCloud Backups. While Google allows its users to encrypt their data stored in Google Drive, the company did not disclose this with the governments before the feature was rolled out.
While WhatsApp confirmed it will roll out the latest feature worldwide where its app is in operation, Apple will prohibit its encrypted feature in countries such as China, Belarus, Egypt, Kazakhstan, Saudi Arabia, Turkmenistan, Uganda, and the Philippines.
Uzma Barlaskar, product lead for privacy at WhatsApp ended by saying, “Making backups fully encrypted is really hard and it’s particularly hard to make it reliable and simple enough for people to use. No other messaging service at this scale has done this and provided this level of security for people’s messages. We’ve been working on this problem for many years, and to build this, we had to develop an entirely new framework for key storage and cloud storage that can be used across the world’s largest operating systems and that took time.”