RC IRK
Related Articles
WhatsApp fixes a huge loophole that exists in its end-to-end encryption feature that protects your chats. To better protect your data, the SMS app adds an extra layer of protection to keep you and your data safe.
Additionally, WhatsApp announced that you can fully encrypt your message backups, making your chats unreadable to both WhatsApp and third-party cloud services.
This comes at a time when government agencies around the world are posing a threat to the security of users’ online data, making this a significant step forward from WhatsApp. In this article, you will learn how WhatsApp’s new end-to-end encryption feature works and why it is vital to your online security.
WhatsApp allows you to fully encrypt your message backups
WhatsApp adds an extra layer to its end-to-end encryption to improve the security of your chats in the messaging app.
WhatsApp has been protecting your messages with end-to-end encryption for years. So far, however, you’ve had no choice but to save your chat backup in an unencrypted format in a third-party app (like iCloud or Google Drive). Unfortunately, as you may have guessed, this is not the safest option for your data.
To overcome this security problem, WhatsApp now offers you the option of encrypting backups with end-to-end encryption. This will secure the backups you upload to Google Drive or Apple iCloud and make them illegible without an encryption key.
This means that if you enable end-to-end encrypted backups for your chats, neither WhatsApp nor the backup service provider will be able to access your backup or your backup encryption key.
Facebook boss Mark Zuckerberg announced the feature in a post on his profile:
WhatsApp is the first global messaging service of its size to offer end-to-end encrypted messaging and backups, and this was a really tough technical challenge that required an entirely new framework for key storage and cloud storage across operating systems.
This is how encryption works
This new end-to-end encryption backup feature is made possible by a new encryption key storage system that works with both iOS and Android. If you choose to participate, you will be asked to generate a unique 64-digit encryption key or create a password.
You can save this key offline or in a password manager of your choice, or create a password that will secure your encryption key in a cloud-based backup key vault that WhatsApp developed for this purpose. WhatsApp does not know your password and you cannot use your key without it.
In essence, WhatsApp gives you the option to encrypt your backups before they go to the cloud backups you use. The cloud knows that it is protecting your data, but it doesn’t know exactly what it is protecting because it doesn’t have access to your chats.
To further secure your data, WhatsApp makes your key “permanently inaccessible” if you enter too many incorrect passwords at once.
Here’s how to fully encrypt your message backups on WhatsApp
If you choose the new encryption feature, WhatsApp will encrypt your chats – including your messages, media, and all of your WhatsApp data – with a unique key generated on your device. You can either secure this key with a password or do it manually with a 64-digit encryption key.
WhatsApp stores your key in a backup key vault that is not accessible to WhatsApp, Apple or Google. The key can only be unlocked with your password, which gives you access to your chat backups. You can also manage the key yourself if you remember the password.
Why WhatsApp’s new encryption feature is important
The lack of security in social media apps is a persistent problem, so it is not surprising that some companies are looking for solutions to protect their users’ data from insecure dominant cloud providers. But why is WhatsApp so important that it adds an extra layer of protection to your chats?
WhatsApps’ encryption of your messages means it won’t be able to see them at any point, so they are safe. However, the problem arises when you back up your messages and other data to iCloud or Google Cloud that are not end-to-end encrypted. This means, for example, that Apple or Google can hand over your data to the law enforcement authorities upon request.
WhatsApp also wants to ensure that your ability to get your end-to-end encrypted backup and decrypt your chat history remains intact in the event a data center or any of the elements that help keep the data center up and running is hit becomes way.
WhatsApp, for example, duplicates your key in backup key vaults in five data centers in different geographic locations to ensure you can access your chats even if one of the data centers goes down.
Plus, with this extra layer of protection, WhatsApp takes your security a step further than Apple, which holds the keys to encrypted backups of your iMessages – which defeats the purpose of protecting your chats in the first place.
WhatsApp addresses an ongoing need for online security
It’s no secret that online security is one of the top concerns of social media users today. By updating end-to-end encryption with the ability to add an extra layer of protection, WhatsApp is doing its part to ensure that your data is safe so you can be sure that no one has access to your data.
With concerns about our data and discussions about online security going on for years, one can only hope that more companies will stand up to government agencies seeking access to user data.
And as technology continues to develop and improve, perhaps more companies will find solutions to close existing loopholes and protect users’ data.
Continue reading
About the author
