WhatsApp announced that the service is moving forward with plans to completely secure communications between users, and it’s not implementing a new option to encrypt backups created by instant messenger.
Encrypting discussions between people is now one of the main features people look for in a messaging app. While the benefits of encrypting messages are clear, it also has limitations. For example, messaging services that use encryption are limited when it comes to sending large files.
Now, WhatsApp allows users to encrypt their backups, even if they are hosted on third-party services such as Google Drive or iCloud.
“People can already back up their WhatsApp message history via cloud-based services like Google Drive and iCloud,” said the company on Friday. “WhatsApp does not have access to these backups, and they are secured by the individual cloud-based storage services.”
“But now, if people choose to enable end-to-end encrypted (E2EE) backups once available, neither WhatsApp nor the backup service provider will be able to access their backup or their backup encryption key,” it added.
The option will be available on both Android and iOS, and the E2EE backup will be encrypted using a 64-bit key. Neither Google nor Apple will have access to these backups, but that also means that, if something goes wrong and the user forgets the password, for example, the backups will be irretrievable.
When someone wants to retrieve their backup:
- They enter their password, which is encrypted and then verified by the Backup Key Vault.
- Once the password is verified, the Backup Key Vault will send the encryption key back to the WhatsApp client.
- With the key in hand, the WhatsApp client can decrypt the backups.
Alternatively, if an account owner has chosen to use the 64-digit key alone, they have to manually enter the key themselves to decrypt and access their backups.
With a billion users worldwide, WhatsApp promised to use multiple datacenters distributed worldwide, and the option should become available in coming weeks.