WhatsApp is adding end-to-end encryption (E2EE) for chat backups. The Facebook-owned messaging app has offered E2EE for one-on-one as well as group conversations for years now. But cloud backups of chats — stored in Google Drive on Android and iCloud on iOS — don’t have the same level of security. Backups are stored in an unencrypted format, with the respective cloud service provider overseeing the security. This means the messages are readable to anyone who has access to the backups.
Users can secure their chats with 2FA (two-factor authentication) when restoring on their device, but that’s about it. To be sure, WhatsApp does not have access to these backups, but law enforcement agencies could read the messages whenever they want.
WhatsApp is now adding an extra layer of security, and the most efficient one, to cloud backups of chats so no one can read them. The company has been testing E2EE for chat backups for the past few months. It has now officially announced the rollout. With E2EE, neither WhatsApp nor the cloud service provider will have access to these backups. Only the sender and the recipient will be able to see the messages, with no one in between. The backups will be unreadable without an encryption key, which is only available to you, the user.
“WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups,” Facebook CEO Mark Zuckerberg said in a Facebook post announcing this new feature. “Getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems.”
WhatsApp adds end-to-end encryption for cloud chat backups
E2EE for chat backups will be an optional feature. Users who opt to enable the feature will need to either manually store the 64-digit encryption key or set up a password. With the former option, you will need to manually enter the key to decrypt and access your backups.
But if you choose the password option, your encryption key will be stored in a hardware security module (HSM). Entering the correct password will give you access to this vault so you can retrieve your encryption key. This key is then used to decrypt your chat backups when you restore them to your device.
WhatsApp warns that repeated unsuccessful attempts, i.e. incorrect password inputs, to access the HSM Backup Key Vault will permanently lock you out of it, rendering the key inaccessible. So you want to be very careful with your password.
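The password option and lockout behaviour described above, modelled as a simplified Python sketch. This is an added illustration, not WhatsApp's code or protocol: the class name, the PBKDF2 password verifier, the limit of three attempts, the reset of the counter on success and the hex key format are all assumptions, since the article specifies none of them.

```python
import hashlib
import hmac
import secrets

class BackupKeyVault:
    """Toy stand-in for the HSM-backed vault: holds a backup key behind a password."""

    def __init__(self, max_attempts=3):  # assumed limit; the article gives no number
        self.max_attempts = max_attempts
        self._records = {}

    @staticmethod
    def _verifier(password, salt):
        # Slow, salted hash so the vault never stores the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user_id, password, backup_key):
        salt = secrets.token_bytes(16)
        self._records[user_id] = {"salt": salt, "key": backup_key, "failures": 0,
                                  "verifier": self._verifier(password, salt)}

    def retrieve(self, user_id, password):
        rec = self._records[user_id]
        if rec["key"] is None:
            raise PermissionError("vault permanently locked, key is gone")
        candidate = self._verifier(password, rec["salt"])
        if hmac.compare_digest(candidate, rec["verifier"]):  # constant-time compare
            rec["failures"] = 0  # assumption: a success resets the counter
            return rec["key"]
        rec["failures"] += 1
        if rec["failures"] >= self.max_attempts:
            # Destroy the key so that even the right password no longer helps.
            rec["key"] = rec["verifier"] = None
        return None

def demo():
    vault = BackupKeyVault(max_attempts=3)
    key = secrets.token_hex(32)  # constructed 64-digit key (hex is an assumption)
    vault.register("user-1", "correct horse battery", key)
    first = vault.retrieve("user-1", "correct horse battery") == key
    guesses = [vault.retrieve("user-1", f"guess-{i}") for i in range(3)]
    try:
        vault.retrieve("user-1", "correct horse battery")
        locked = False
    except PermissionError:
        locked = True
    return first, guesses, locked

if __name__ == "__main__":
    print(demo())
```

The retry counter lives on the vault side, which is why the limit still holds against someone who has a copy of the encrypted backup but not the key.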
E2EE for cloud chat backups on WhatsApp will be available to all of its two billion-plus users. The feature will begin rolling out to both Android and iOS versions of the app in the coming weeks. The company has provided all the technical details about E2EE for cloud chat backups in a white paper here.