WhatsApp Still Working on Password-Protected Encrypted iCloud Backups
The Facebook-owned chat platform began early work on the security feature back in March 2020. Currently, WhatsApp on iPhone lets users back up their chat history to iCloud, but messages and media that users back up are not protected by WhatsApp's end-to-end encryption while in iCloud.
Apple holds the encryption keys to iCloud, and does provide backed-up data to authorities when lawfully requested, as outlined in its semiannual Transparency Reports. The new WhatsApp feature, should it see the light of day, would resolve that security hole by allowing users to encrypt and password-protect their chat history before uploading it to Apple's cloud-based platform.
In screenshots posted by WABetaInfo, WhatsApp describes the password-protection like so:
"To prevent unauthorized access to your iCloud Drive backup, you can set a password that will be used to encrypt future backups. This password will be required when you restore from the backup."
The user is then asked to confirm their phone number and select a password of at least eight characters in length. Another screenshot forewarns users that "WhatsApp will not be able to help recover forgotten passwords."
• The chat database is already encrypted now (excluding media), but the algorithm is reversible and it's not end-to-end encrypted.
• Local Android backups will be compatible with this feature. The chat DB and media will be encrypted using a password that only you know. https://t.co/WAliLUnF18 — WABetaInfo (@WABetaInfo) March 8, 2021