What you need to know
- Popular messaging app WhatsApp will soon enable end-to-end encryption for backups in Google Drive and iCloud.
- The feature will roll out to users on Android and iOS in the coming weeks.
- Encrypted backups will ensure nobody else can access your messages.
WhatsApp announced on September 10 that it will soon allow users to protect their message backups using end-to-end encryption. While WhatsApp already allows users to back up their message history via Google Drive and iCloud, they are currently secured by the cloud-based storage services.
Facebook says it created an all-new system for encryption key storage to make end-to-end encryption possible for backups on both Android and iOS. Once you enable end-to-end encryption, your backups will be encrypted with a unique, randomly generated encryption key. You can secure the key manually or with a password.
When you choose to use a password, the encryption key is stored in a Backup Key Vault that is "built based on a component called a hardware security module — specialized, secure hardware that can be used to security store encryption keys." You can access the backup using your encryption key or your personal password to retrieve the key from the Backup Key Vault.
The encryption key will be rendered permanently inaccessible after a "minimal number" of unsuccessful attempts to access it. This, Facebook says, will help prevent brute-force attempts to retrieve the key.
ChatD, which is WhatsApp's front-end service, will implement a protocol to send the encryption keys to and from the app's servers. The contents of the encrypted messages, however, will not be accessible to ChatD. WhatsApp also clarifies that it will only know a key exists in the HSM, but not the key itself.
The HSM-based Backup Key Vault service will be located across multiple Facebook data centers to prevent outages and ensure that it operates reliably for over 2 billion WhatsApp users.
The feature will roll out to users on the best Android phones and iPhones over the coming weeks.