CEO of Facebook, Mark Zuckerberg announced that WhatsApp has built end-to-end encrypted. The encrypted backups will soon be rolling out to iOS and Android users of WhatsApp in the coming weeks, which is meant to secure the backups WhatsApp users already send to their Google Drive or iCloud.
How will WhatsApp encrypted backups work?
The messaging app has added a privacy layer to its system that can only be accessible to the user. If a user has enabled end-to-end encrypted backups neither WhatsApp nor backup service providers such as Apple and Google would be able to access the chat backups or the backup encryption key.
WhatsApp has detailed the plan in a white paper that says; The key to encrypt the backup is secured with a user-provided password. The password is unknown to WhatsApp, the user’s mobile device cloud partners, or any third party. The key is stored in the HSM Backup Key Vault to allow the user to recover the key in the event the device is lost or stolen. The HSM Backup Key Vault is responsible for enforcing password verification attempts and rendering the key permanently inaccessible after a certain number of unsuccessful attempts to access it. These security measures protect against brute force attempts to retrieve the key.
Users who will opt for the encrypted backup will be asked to save a 64-digit encryption key or create a password tied to an associated key, that associated key will be stored in a physical hardware security module(HSM) and it can only be opened when the correct code or password is entered.
Facebook CEO Mark Zuckerberg said in a statement; “WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems.”
Criticism on WhatsApp
This move came as several countries throughout the world have objected to WhatsApp privacy policies. While, others are asking the Facebook-owned platform to break the encryption so it would be easier for them to reach the source of messages, who are spreading misinformation and related content.