WhatsApp to Let Users Encrypt Chat Backups Uploaded to iCloud
WhatsApp has announced it will give its two billion users the option to upload their chat backups to Apple's iCloud using password-protected encryption.
Currently, WhatsApp on iPhone lets users back up their chat history to iCloud, but messages and media that users back up aren't protected by WhatsApp's end-to-end encryption while in Apple's cloud servers.
Given that Apple holds the encryption keys for iCloud, a subpoena of Apple or an unauthorized iCloud hack could potentially allow access to WhatsApp messages backed up there. Apple was reportedly pressured to not add encryption to iCloud Backups after the FBI complained.
The upcoming WhatsApp feature will resolve that security vulnerability by allowing users to encrypt and password-protect their chat history before uploading it to Apple's cloud-based platform. WhatsApp began early work on the security feature back in March 2020.
The rollout will make backups secure in remote iCloud servers by making them unreadable without an encryption key. Encrypted backups will be optional, and users will be asked to save a 64-bit encryption key or create a password that is associated with the key.
According to a whitepaper published by the Facebook-owned platform, when a WhatsApp user creates a password linked to their account's encryption key, WhatsApp stores the key in a physical hardware security module (HSM) that acts like a safety deposit box and can only be unlocked using the correct password. WhatsApp only knows that a key exists in a HSM, not the key itself or the associated password to unlock it.
When the password is used to unlock the HSM, the encryption key is released which then decrypts the account's backup on Apple's servers. If the wrong password is entered repeatedly, however, the data in the HSM becomes permanently inaccessible. WhatsApp will only know that a key exists in a HSM, not the key itself or the associated password to unlock it.
"WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems," said Facebook CEO Mark Zuckerberg in a post announcing the feature.
The encrypted chat backups feature will be rolled out in the coming weeks on Android (for WhatsApp users backing up to Google Drive) and iOS, and will be available in every market where WhatsApp is operational, which could put the company at odds with some governments.
Comparatively, Apple is not making its upcoming iCloud+ Private Relay encrypted browsing feature available to users living under certain authoritarian regimes, including China, Belarus, Colombia, Egypt, Kazakhstan, Saudi Arabia, South Africa, Turkmenistan, Uganda, and the Philippines. According to Apple, "regulatory reasons" are preventing the Private Relay feature from launching in those countries.