On Friday Whatsapp said that its two billion users would be able to encrypt their conversation backups to the cloud, a big step toward addressing one of the trickiest ways private communication between individuals on the service may be jeopardized
Zuckerberg said in a post on his Facebook page, “We’re adding another layer of privacy and security to WhatsApp: an end-to-end encryption option for the backups people choose to store in Google Drive or iCloud. Whatsapp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across the operating system.”
WhatsApp has a global user base of over 2 billion people, including over 400 million of them in India. Every day, these people transmit about 100 billion texts.
Encryption is the process of encrypting data in such a way that even service providers are unable to decipher it. End-to-end encryption ensures that only the intended sender and receiver may view the messages transmitted.
This end-to-end chat encryption between the users has been provided for more than a decade. Users, on the other hand, have had no choice but to save their conversation backups in an unencrypted manner to their cloud — iCloud on iPhones and Google Drive on Android.
“Prior to the introduction of end-to-end encrypted backups, backups stored on Apple iCloud and Google Drive were not protected by WhatsApp’s end-to-end encryption.
Now we are offering the ability to secure your backups with end-to-end encryption before they are uploaded to these cloud services,” Explaining the technology behind this new update, WhatsApp said in a whitepaper.
It also explained that “With end-to-end encrypted backups enabled, before storing backups in the cloud, the client encrypts the chat messages and all the messaging data (i.e. text, photos, videos, etc) that is being backed up using a random key that’s generated on the user’s device. The key to encrypt the backup is secured with a user-provided password. The password is unknown to WhatsApp, the user’s mobile device cloud partners, or any third party.”
The firm claims to have developed a method that allows WhatsApp users on Android and iOS to encrypt their conversation backups. WhatsApp claims it would provide users with two options for encrypting their cloud backups, both of which are optional. WhatsApp users will be able to obtain a 64-digit encryption key to lock their conversation backups in the cloud in the “coming weeks.” Users may keep the encryption key offline or in their preferred password manager, or they can establish a password that backs up their encryption key in WhatsApp’s cloud-based “backup key vault.” Without the user’s password, which WhatsApp does not know, the cloud-stored encryption key cannot be utilized.
“We know that some will prefer the 64-digit encryption key whereas others want something they can easily remember, so we will be including both options. Once a user sets their backup password, it is not known to us. They can reset it on their original device if they forget it,” WhatsApp said.
“For the 64-digit key, we will notify users multiple times when they sign up for end-to-end encrypted backups that if they lose their 64-digit key, we will not be able to restore their backup and that they should write it down. Before the setup is complete, we’ll ask users to affirm that they’ve saved their password or 64-digit encryption key.”
This will be available as an optional feature on WhatsApp, and it will be rolled out to iOS and Android users in the coming weeks.
WhatsApp created a whole new encryption key storage mechanism that works with both iOS and Android to provide end-to-end secured backups.