Skip to main content
  1. Home
  2. Mobile

WhatsApp’s online backups are getting end-to-end encryption

Michael Allison
By

Facebook is tightening WhatsApp’s security by extending end-to-end encryption (E2EE) to cloud backups via an update to the app on iOS and Android. This was already allowed this on local WhatsApp backups, but the company will extend these security tools to online backups made to iCloud and Google Drive.

“Starting today, we are making available an extra, optional layer of security to protect backups stored on Google Drive or iCloud with end-to-end encryption. No other global messaging service at this scale provides this level of security for their users’ messages, media, voice messages, video calls, and chat backup,” the WhatsApp team shared this week.

It’s an optional feature, and users will be able to enable it in WhatsApp’s settings when it’s available. While WhatsApp’s link to Facebook means that it carries the company’s stigma around privacy and security, the service had always been surprisingly secure. Person-to-person chats are secured by the same end-to-end encryption protocol as Signal, while the only loophole was with online chats. With this rollout, the company would be closing that and increasing its privacy profile.

WhatsApp multi-device support image laptop, display, tablet
Facebook Engineering Blog

“To enable E2EE backups, we developed an entirely new system for encryption key storage that works with both iOS and Android. With E2EE backups enabled, backups will be encrypted with a unique, randomly generated encryption key. People can choose to secure the key manually or with a user password,” the WhatsApp team explained in September. “When someone opts for a password, the key is stored in a Backup Key Vault that is built based on a component called a hardware security module (HSM) — specialized, secure hardware that can be used to securely store encryption keys. When the account owner needs access to their backup, they can access it with their encryption key, or they can use their personal password to retrieve their encryption key from the HSM-based backup key vault and decrypt their backup.”

Facebook’s other messaging services, Messenger and Instagram Direct, do not yet offer end-to-end encryption by default. Instead, the company offers a discrete private mode on Messenger for people who want their calls and chats secured. With Facebook planning to merge all three services eventually, it seems more likely than not that the company plans for end-to-end encryption to be the default at some point in the future.

Editors' Recommendations

Topics
Video-editing app LumaFusion to get a Galaxy Tab S8 launch
A tablet featuring the LumaFusion video editing app.
Sorry, Elon — your Tesla phone is never going to happen
An iPhone 14 Pro with a Tesla logo Photoshopped on the back of it.
Hive Social is my favorite Twitter alternative, but that’s not saying much
iPhone 14 Pro in hand showing off profile page on Hive Social app
App subscription fatigue is quickly ruining my smartphone
App Store displayed on an iPhone 14 Pro against a pink background
Apple vs. Samsung: Who has the best lock screen customization in 2022?
Lock screen comparison of One UI 5 and iOS 16
Fitbit Cyber Monday Deals: Save on Sense 2, Charge 5, and Versa 2
Fall 22 Fitbit lineup inlcuding Sense 2, Versa 4, and Inspire 3.
Apple Cyber Monday Deals: Apple Watch, AirPods, iPad, MacBook
Best Cyber Monday Apple Deals
Get these JBL earbuds and 4 months of Music Unlimited for $25
The JBL Vibe 200 True Wireless Earbuds and their charging case.
OnePlus’ new Android update policy matches Samsung, shames Google
OnePlus 10T camera module.
How Apple can fix iOS 16’s messy lock screen customization in iOS 17
iOS 16 lock screen on an iPhone 14 Pro
The best voice-changing apps for Android and iOS
Spotify Wrapped 2022: what it is and how to view it
Spotify Wrapped 2022.
Save $225 on the unlocked Samsung Galaxy S22 Ultra with this deal
Samsung Galaxy S22 Ultra screen in hand.