Thinking about creating an extra layer of protection for files saved in cloud storage services, WhatsApp will now offer encrypted app backups. See the company’s statement here.
The end-to-end encryption offered in WhatsApp messages will also be adopted for in-app backups.
Index of this article
Understanding the encryption
First of all, this is an automatic process. That is, it’s not necessary to activate settings or any commands to guarantee the security of your messages.
End-to-end encryption ensures that only conversation participants can read or hear the messages exchanged. Nobody else will have access to them, not even WhatsApp.
Message security is done through locks and only you and the person with whom you are communicating have the special keys needed to unlock them and read the messages.
WhatsApp will allow you to completely encrypt your backup messages
WhatsApp will move to allow encrypted backups and as such is adding an extra layer to its end-to-end encryption to improve the security of your chats in the messaging app. This protection in messages has been taking place through end-to-end encryption for years.
However, until now there has been no other option than to store your message backup in a third-party application (such as iCloud or Google Drive) in an unencrypted format. In fact, this was not a very secure option for storing your data.
Now you can have one less worry on your mind as your Google Drive or Apple iCloud backups will also have the option of being encrypted using end-to-end encryption.
But what does it mean? Now neither the backup service provider nor WhatsApp itself will be able to access your backup or your backup encryption key.
Facebook CEO Mark Zuckerberg announced the feature in a post on his profile:
“WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems.”
What’s new in this encryption?
This new feature for end-to-end encryption backups is made possible by a new encryption key storage system.
This storage system works with both iOS and Android.
If you decide to opt-in, you will be asked to generate a unique 64-digit encryption key or create a password.
You can store this key offline or in a password manager of your choice, or you can create a password that backs up your encryption key to a cloud-based backup key vault that WhatsApp has developed for this purpose.
WhatsApp will not know your password, and you will not be able to use your key without it.
In short, WhatsApp is giving you the option to encrypt your backups before they reach the cloud backups you use. The cloud will know it’s protecting your data, but it won’t know exactly what it’s protecting because it won’t have access to your messages.
To further protect your data, WhatsApp will make your key “permanently inaccessible” in case of multiple attempts by entering too many incorrect passwords.
WhatsApp will now offer encrypted backups and, likewise, will store your key in a backup key vault that is not even accessible to WhatsApp.
Furthermore, neither Apple nor Google will be denied access.
The key can only be unlocked using your password, which gives you access to your chat backups.
You can also choose to manage the key yourself if you remember the password, or use a password manager.
Understand the importance of the new feature
Lack of security in social media applications has been an ongoing issue, so it’s no surprise that some companies are looking for solutions to protect their users’ data against dominant and insecure cloud providers.
Before this new encryption functionality, it was possible, for example, that Apple or Google could hand over your data to law enforcement authorities if requested. Now that is not likely to happen.
Plus, by adding this extra layer of protection, WhatsApp is taking its security one step further than Apple.
In this case, Apple holds the keys to encrypted backups of your iMessages – defrauding the purpose of protecting your chats in the first place.
Also new is that WhatsApp will duplicate your key in backup key vaults in five data centers in different geographic locations.
This action is to ensure that you can still access your conversations even if one of the data centers might experience an outage, and so you can always get your WhatsApp encrypted backups back.
Continuous online security
It’s no secret that online security is one of the biggest concerns for social media users these days.
By updating your encryption to end-to-end, enabling you to add an additional layer of protection, WhatsApp is doing its part to ensure your data is secure so you can be sure that no one has access to your data.
As concerns about our data and conversations about online security will continue for years, we can only hope that more companies will oppose government entities seeking access to user data.
And as technology continues to evolve and improve, perhaps more companies will find solutions to close existing gaps and keep user data safe.
Did you like the encrypted backups on WhatsApp?
I’ll tell us what you think of this news!
Don’t forget to also check out our guide on what to do if you think your WhatsApp account was stolen!