WhatsApp is encrypting backups stored in Google Drive and Apple iCloud. The much-awaited move will close the loophole allowing user chats to be accessed by third parties. Read to know how this will affect you.
Why are encrypting backups important?
Most of us probably have backups of our WhatsApp chats on Google Drive or iCloud. These chat backups include images, voice messages, videos, and documents apart from messages shared on WhatsApp. While the popular messaging app has end-to-end encryption on the app, the same does not stand true for backups. After all, until now this depended on the cloud storage provider. “The content of message chats is valuable to WhatsApp users. WhatsApp offers an in-app backup feature to protect the content in the event a user’s device is lost or stolen. And, to enable the transfer of their chat history to a new device,” stated WhatsApp.
Earlier the Facebook-owned company said that once uploaded to iCloud or Google Drive, they were out of WhatsApp’s encryption channel. Hence, they were no longer private. Law enforcement agencies across the world gained access to stored chats with the help of a single warrant. However, once this new feature is ready, users can turn on encryption for their backups. Moreover, the option to not have backups will still be around. This way, your messages will never go out of WhatsApp.
“Currently, end-to-end encrypted backups are only supported on a user’s primary device. We recommend that users who opt into end-to-end encrypted backups also deselect WhatsApp from the apps included in their device-level backups. We will inform users when they set up their end-to-end encrypted backup in WhatsApp,” added the company.
How does this new WhatsApp service work?
Once you decide to encrypt your WhatsApp chat backup, the app generates a 64-digit key. This key is vital for restoring backups later on. the user can either store this key by themselves or use WhatsApp’s Key Vault. The Key Vault is the app’s new backup service is backed by a hardware security module. However, if you lose this 64-digit key, you will also lose access to your chat backup. After all, the WhatsApp backups are only accessible with the key.
“With the introduction of end-to-end encrypted backups, WhatsApp has created an HSM (Hardware Security Module) based Backup Key Vault to securely store per-user encryption keys for user backups in tamper-resistant storage, thus ensuring stronger security of users’ message history,” explained WhatsApp.
Whenever you wish to retrieve your chat backups all you need to do is enter your password. The Backup Key Vault encrypts and verifies the password. Once your password is verified, WhatsApp’s Backup Key Vault will send the encryption key to the WhatsApp client for decrypting messages. However, if you manually stored the 64-digit key, you need to enter it for the backup decryption.
“Of course, whenever technologists advance security, some will argue that offering more privacy is bad if it makes it harder for governments to access that information. We believe free societies need the best security to protect people. Billions of people now have sensitive digital information — like their private messages — and that information is at an increased risk of being stolen by hackers, criminals, and even hostile states themselves” said Will Cathcart, the head of WhatsApp.
