WhatsApp has begun testing end-to-end encrypted iCloud backups

The Facebook-owned WhatsApp messaging service is now testing end-to-end encryption for iCloud backups. The feature was designed to protect your chat archive while it’s being uploaded to or downloaded from iCloud and stored on Apple’s servers (at rest).


STORY HIGHLIGHTS:

  • WhatsApp’s latest iPhone beta includes encrypted iCloud backups
  • The long-awaited feature patches a major security loophole on WhatsApp
  • Law enforcement could easily gain access to unencrypted WhatsApp backups


WhatsApp is testing encrypted backups on iCloud

WhatsApp has kicked off testing of a new feature that encrypts chat backups stored on Apple’s servers after the Facebook-owned service announced encrypted iCloud backups last month.

As WABetaInfo reports, this upcoming feature is available in WhatsApp Beta for iOS version 2.21.200.14. When it rolls out to everyone, WhatsApp users will be able to back up encrypted chat archives, media and attachments on iCloud without worrying about security.

People who are included in the test are offered the option to secure their backups in iCloud with a 64-digit encryption key. The user is responsible for keeping the password safe by writing it down or storing it in one of the password manager apps. Without the encryption key, no one can access the chat backup, not even the user themselves.

TechCrunch reported that WhatsApp has also developed a vault for storing the encryption key:

Users can also create a password that backs up their encryption key in a cloud-based “backup key vault” that WhatsApp has developed. The cloud-stored encryption key can’t be used without the user’s password, which isn’t known by WhatsApp.

This feature patches a major security loophole in WhatsApp. Accessing unencrypted WhatsApp chat backups on Google and Apple servers is “one of the widely known ways law enforcement agencies across the globe have for years been able to access WhatsApp chats of suspect individuals.”

Encrypted WhatsApp chats on Google Drive, too

WhatsApp said last month that end-to-end encrypted chat backups were coming to both Apple’s iCloud and Google’s Drive services, with Mark Zuckerberg saying in a post on Facebook:

We’re adding another layer of privacy and security to WhatsApp: An end-to-end encryption option for the backups people choose to store in Google Drive or iCloud. WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems.

Actually, Zuckerberg, iMessage is the first global messaging service to offer end-to-end encrypted messaging. You probably omitted it because iMessage is not cross-platform like WhatsApp. One thing is certain: Without end-to-end encrypted backups, WhatsApp users are at risk of having their entire chat archives accessible to law enforcement and malicious users.

The police won’t like WhatsApp’s encryption for iCloud backups

With end-to-end encryption, your WhatsApp backups are protected when they’re being created on the device, while being uploaded to iCloud or downloaded from it, as well as when the files are stored on Apple’s servers. Neither Apple nor WhatsApp, for that matter, keeps the encryption key required to read or modify data in the backup file on iCloud.

And without the encryption key, rogue parties do not have the means to decrypt the backup file. In other words, end-to-end encryption for iCloud backups means law enforcement cannot compel Apple or WhatsApp to hand over a user’s WhatsApp chat archive backed up in iCloud. No one can decrypt your chats without knowing your unique decryption key.