WhatsApp's new End-to-End Encrypted Backups for Chats closes a longstanding security loophole

 

WhatsApp has begun rolling out the option for end-to-end (E2E) encryption of chat backups on both iOS and Android devices.

This will provide users with the ability to secure their backed up message history stored in the cloud. This capability resolves a previously known security gap that potentially made user data available to unintended third parties when storing cloud backups.

 

As Facebook points out in the announcement, WhatsApp already uses end-to-end encryption for chats stored on your phone. However, chat backups, stored on Google Drive or iCloud, were not similarly encrypted, and many users asked for that to change. So WhatsApp has begun slowly adding the feature.

GettyImages-507718626-b1b7f783472e4d3185c933363588d88d.png, Oct 2021

Encrypting your backups is optional, so if you're not interested in taking steps to set it up, you won't have to. If you do want to encrypt your backups, however, you'll have the choice to either set your own personal password or use a 64-digit encryption key.

According to Facebook, once encrypted, your backups will not be readable by Facebook, WhatsApp, or your backup service provider (i.e., Google Drive or iCloud). Only you or someone with your password or encryption key will be able to view those backups.

Bleeping Computer points out that accessing end-to-end encryption for your chat backups is pretty straightforward once it's available to you.

The option will appear as a new menu option under the Chat Backup menu, and the app will take you through the setup process with various prompts.

GettyImages-1140197869-57f3fb8c86204e839fa6a63d53954330.png, Oct 2021

While the new functionality does provide enhanced security for WhatsApp users and their data, it does not provide complete and total anonymity. Metadata information such as dates, times, senders, and receivers are still retrievable from the message.

While this may not provide the content of the message to an unintended third party, it can provide some indication of the subject matter and urgency of the message. The encryption also does nothing to combat other security vulnerabilities such as compromised receiver endpoints and unencrypted intermediary servers encountered in transit.

The rollout for backup E2E encryption already has started, but it will take a little while to reach all WhatsApp users.

If you want to use E2E encryption for your backups, you'll need to make sure you've updated to the latest version of WhatsApp. Then you just have to wait until the option reaches you.

Source: lifewire.com