Facebook is beefing up WhatsApp’s security by extending end-to-end encryption (E2EE) to cloud backups through an iOS and Android app update.
This was always possible with local WhatsApp backups, but the business will now expand similar security features to iCloud and Google Drive backups.
“Beginning today, we’re introducing an additional, optional layer of protection available to secure backups stored on Google Drive or iCloud using end-to-end encryption.”
“No other global messaging service of this size delivers this level of protection for its customers’ messages, media, voice messages, video calls, and chat backup,” the WhatsApp team stated earlier this week.
When the functionality becomes available, users will be able to enable it in WhatsApp’s settings. While WhatsApp’s affiliation with Facebook carries with it the company’s reputation for privacy and security, the service has always been remarkably safe.
Person-to-person talks use the same end-to-end encryption mechanism as Signal, with internet chats being the lone exception. The corporation would be reducing that gap and raising its privacy profile with this launch.
“To make E2EE backups possible, we created an entirely new encryption key storage mechanism that works on both iOS and Android.” Backups will be encrypted with a unique, randomly generated encryption key if E2EE backups are enabled.
In September, the WhatsApp team explained that “people can opt to secure the key manually or with a user password.” “When a password is chosen, the key is saved in a Backup Key Vault, which is based on a component known as a hardware security module (HSM) – specialized, secure hardware that may be used to store encryption keys safely.”
When the account owner wants access to their backup, they can use their encryption key to decode it, or they can get their encryption key from the HSM-based backup key vault using their personal password.”
Messenger and Instagram Direct, two of Facebook’s other messaging services, do not yet support end-to-end encryption by default.
Instead, the firm provides a discrete private mode on Messenger for those who want to keep their calls and chats private. Given Facebook’s aspirations to eventually unify all three services, it appears more likely than not that end-to-end encryption will become the default at some point in the future.