Following through with a long-requested feature from users, Facebook-owned WhatsApp is going to make cloud backups end-to-end encrypted to go along with the end-to-end encryption of the messages sent with the service. The app will offer the feature in “the coming weeks” to iOS and Android users with two ways to fully encrypt their backups.
Facebook CEO Mark Zuckerberg shared the news today in a Facebook post (via TechCrunch):
We’re adding another layer of privacy and security to WhatsApp: an end-to-end encryption option for the backups people choose to store in Google Drive or iCloud. WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems.
Facebook shared more details with TechCrunch how it will work:
In the “coming weeks,” users on WhatsApp will see an option to generate a 64-digit encryption key to lock their chat backups in the cloud. Users can store the encryption key offline or in a password manager of their choice, or they can create a password that backs up their encryption key in a cloud-based “backup key vault” that WhatsApp has developed. The cloud-stored encryption key can’t be used without the user’s password, which isn’t known by WhatsApp.
Another part of this is that when a WhatsApp encrypted backup is created, earlier copies will be deleted. “This will happen automatically and there is no action that a user will need to take,” the spokesperson added.
Facebook also published a security white paper for the new end-to-end encrypted backups with all the specifics. You can read that in full here.
The news comes after a misunderstanding in a ProPublica report that suggested WhatsApp messages were not end-to-end encrypted. That confusion was resolved just yesterday.