WhatsApp will soon launch end-to-end encrypted cloud backup on Android and iOS. The new initiative will help users keep their chats end-to-end encrypted, even if they are part of a WhatsApp backup stored on cloud services such as Apple iCloud or Google Drive. From the ground up, WhatsApp is dedicated to providing its users with the expected end-to-end encrypted backup support. It is worth noting that since 2016, instant messaging applications have been providing end-to-end encrypted messages on their platforms, and this update essentially extends this level of security to chat backup.
Facebook CEO Mark Zuckerberg announced through a post on the platform on Friday that WhatsApp has completed the construction of end-to-end encrypted backups and will soon begin rolling out new privacy and security protection layers to users.
End-to-end encrypted backup will be provided as an optional feature, and users need to manually enable it on the app. The Facebook-owned company said it will be rolled out to Android and iOS devices in the next few weeks.
Users will be able to enable end-to-end encryption for their chat backups on WhatsApp by creating a password, and they will need to restore their backups in the future. Alternatively, WhatsApp can use their 64-bit encryption key for authentication.
By enabling end-to-end encryption for backups, users will be able to protect their chat history from being accessed by any third party. The company claims that neither WhatsApp nor backup service providers (including Apple and Google) have access to users’ end-to-end encryption keys and backups.
WhatsApp has always allowed users to save chat backups on Apple iCloud (if it’s an iPhone) and Google Drive (if it’s an Android phone). But in both cases, backups stored in the cloud are not protected by WhatsApp’s end-to-end encryption. This means that the data can be read by third parties. It brought up some cases in which third parties, including law enforcement agencies, may have gained access to user data. This is where the new end-to-end encrypted backup may be useful.
The security level of the new feature will be the same as the way WhatsApp messages are protected under end-to-end encryption. However, WhatsApp engineers need to work hard to achieve this progress-especially considering that there are more than 2 billion users on the app sending more than 100 billion messages every day, most of which use cloud backup to protect their chat history.
With end-to-end encrypted backups, WhatsApp will use a random key that will be generated on the device to encrypt chat messages and all existing message data, including texts, photos, and videos that are being backed up.
WhatsApp has built a backup keystore based on a hardware security module (HSM), which will take effect when users choose a personal password to protect their chat backup. This Vault service will save the encryption keys for user backups per user and serve as a physical locker in the bank to store the keys. These keys help protect the backup with the password provided by the user. Every time you need to restore an end-to-end encrypted backup, it will return the key after verifying your password. The service also ensures that the encryption key will not be provided after a certain number of unsuccessful attempts.
To avoid data center outages, WhatsApp stated that it will keep the Backup Key Vault service geographically distributed in multiple data centers.
WhatsApp said in a white paper: “Because the backups are encrypted with a key unknown to Google or Apple, the cloud provider cannot read them.”
It’s important to note that if the user forgets the password and cannot access the phone, they will not be able to restore the encrypted backup.
If users do not select a password option for their end-to-end encrypted backups and instead use a 64-bit key, they will need to manually enter the key on the app to decrypt and access their backups.
WhatsApp was originally discovered in July to provide end-to-end encrypted backups on its platform. Last month, the app was also found to be working on extending end-to-end encryption to local backups, although there is no official news about its launch.
In other words, the end-to-end encrypted backup feature will first reach Beta testers on Android and iOS in the next few days-before reaching end users.