While WhatsApp chats have long been end-to-end encrypted, the same can’t be said of the iCloud or Google Drive backups that keep your backups safe, but not protected.
WhatsApp has now announced its cloud chat backups will soon be fully end-to-end encrypted, joining the E2EE conversations already available between sender and recipient.
In a post on the Facebook engineering blog, the company explains that once the backups are encrypted, neither “WhatsApp nor the backup service provide” will have access to the backup or the encryption key that protects it.
WhatsApp says it has developed an entirely new system for encryption that’ll work for both iOS and Android, and it will be rolling out in the coming weeks.
The company says that the encryption involves a “unique, randomly generated encryption key.” It’ll be possible to store that 64-digit key, but users can also keep it behind a password. The password can be changed but the key cannot, so those selecting the former option will ned to keep hold of it.
“When the account owner needs access to their backup, they can access it with their encryption key, or they can use their personal password to retrieve their encryption key from the HSM-based Backup Key Vault and decrypt their backup,” WhatsApp says in the blog post.
Here’s how it’ll work when you want to retrieve a back-up:
- They enter their password, which is encrypted and then verified by the Backup Key Vault.
- Once the password is verified, the Backup Key Vault will send the encryption key back to the WhatsApp client.
- With the key in hand, the WhatsApp client can then decrypt the backups.
WhatsApp has been enabling users to access end-to-end encryption since 2016, so you might say this move is a little overdue. It also comes after WhatsApp rolled out the ability to transfer conversation histories from iPhone to Android, starting with Samsung phones.
If you want to learn more about the encryption policy, the company has published a white paper on the matter.