WhatsApp has launched a major new security update, meaning that it is fully embracing end-to-end encryption.
WhatsApp message are already securely encrypted as they are passed between the people who are sending them, meaning that nobody – including WhatsApp – is able to see them. But, until now, any backups of those messages have not been encrypted, leaving them potentially open to hackers.
Now WhatsApp says that it will include end-to-end encrypted backups, too, meaning that they are secure all the way through the process. The company said that it had overcome “the final hurdle” in creating an entirely end-to-end encrypted messaging service.
In an announcement, Mark Zuckerberg said the feature had required building an “entirely new framework” to make sure the backups worked.
“We’re adding another layer of privacy and security to WhatsApp: an end-to-end encryption option for the backups people choose to store in Google Drive or iCloud,” Mark Zuckerberg said in his announcement.
“WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems.”
Mr Zuckerberg statement that WhatsApp is now the biggest service of its size to offer such secure encryption appears partly to be a shot at Apple, which has looked to position itself as a market leader on security. While Apple’s iMessage is end-to-end encrypted, backups of those messages are stored on iCloud in such a way that the company still has access to the key – meaning it can unlock them if requested to by law enforcement, for instance.
That level of security does, however, come with a cost. If a user loses access to their backups, there will be no way to get them back, since WhatsApp does not have the key to unlock the messages even with the consent of the person who sent them.
As such, the feature will be optional, and users will be able to avoid it if they wish.
The new feature will be rolled out to iOS and Android users “in the coming weeks”, WhatsApp said. It indicated that it had announced the feature early to ensure that security researchers and others were able to check over its proposals, which include detailed technical white papers on how its encryption works.
Encrypting messages entirely has led to some criticism from politicians, law enforcement and surveillance agencies, who argue that it is helpful to be able to access the chats of people who may be using messaging platforms for abuse, terror or other criminal activity.
Proponents of encryption – including WhatsApp – have argued however that weakening security just for those users means weakening it for everyone, and that the benefits of strong encryption outweigh those drawbacks.