WhatsApp to Let Users Encrypt Chat Backups Uploaded to iCloud

by

WhatsApp has announced it will give its two billion users the option to upload their chat backups to Apple's iCloud using password-protected encryption.

Whatsapp E2EE Backups
Currently, WhatsApp on iPhone lets users back up their chat history to ‌‌iCloud‌‌, but messages and media that users back up aren't protected by WhatsApp's end-to-end encryption while in ‌‌Apple's cloud servers‌.

Given that Apple holds the encryption keys for ‌iCloud‌, a subpoena of Apple or an unauthorized ‌iCloud‌ hack could potentially allow access to WhatsApp messages backed up there. Apple was reportedly pressured to not add encryption to ‌iCloud‌ Backups after the FBI complained.

The upcoming WhatsApp feature will resolve that security vulnerability by allowing users to encrypt and password-protect their chat history before uploading it to Apple's cloud-based platform. WhatsApp began early work on the security feature back in March 2020.

The rollout will make backups secure in remote ‌iCloud‌ servers by making them unreadable without an encryption key. Encrypted backups will be optional, and users will be asked to save a 64-bit encryption key or create a password that is associated with the key.

According to a whitepaper published by the Facebook-owned platform, when a WhatsApp user creates a password linked to their account's encryption key, WhatsApp stores the key in a physical hardware security module (HSM) that acts like a safety deposit box and can only be unlocked using the correct password. WhatsApp only knows that a key exists in a HSM, not the key itself or the associated password to unlock it.

When the password is used to unlock the HSM, the encryption key is released which then decrypts the account's backup on Apple's servers. If the wrong password is entered repeatedly, however, the data in the HSM becomes permanently inaccessible. WhatsApp will only know that a key exists in a HSM, not the key itself or the associated password to unlock it.

"WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems," said Facebook CEO Mark Zuckerberg in a post announcing the feature.

The encrypted chat backups feature will be rolled out in the coming weeks on Android (for WhatsApp users backing up to Google Drive) and iOS, and will be available in every market where WhatsApp is operational, which could put the company at odds with some governments.

Comparatively, Apple is not making its upcoming ‌iCloud‌+ Private Relay encrypted browsing feature available to users living under certain authoritarian regimes, including China, Belarus, Colombia, Egypt, Kazakhstan, Saudi Arabia, South Africa, Turkmenistan, Uganda, and the Philippines. According to Apple, "regulatory reasons" are preventing the Private Relay feature from launching in those countries.

Tags: security, iCloud, WhatsApp, Encryption
Related Forum: Apple Music, Apple Pay/Card, iCloud, Fitness+

Top Rated Comments

Ifti Avatar
Ifti
2 weeks ago
WhatsApp is what iMessage should have been.
Score: 24 Votes (Like | Disagree)
InGen Avatar
InGen
2 weeks ago
It’s your turn, iMessage/iCloud…
Score: 19 Votes (Like | Disagree)
rikscha Avatar
rikscha
2 weeks ago
Yeah fully encrypted when FB already announced they will place ads inside whatsapp based on what you write

you are a fool for using the service
Score: 14 Votes (Like | Disagree)
ecatomb Avatar
ecatomb
2 weeks ago
Just too bad that WhatsApp owner is Facebook ?
Score: 13 Votes (Like | Disagree)
h3ysw5nkan Avatar
h3ysw5nkan
2 weeks ago

Signal is the answer
Yeah, good luck finding normal people willing to go that far. I have zero active contacts in Signal.
Score: 6 Votes (Like | Disagree)
sdz Avatar
sdz
2 weeks ago

https://gizmodo.com/whatsapp-moderators-can-read-your-messages-1847629241
So true ?

Without joking, I can only agree... If iMessage was available on Android long time ago, iMessage could be at the same place than WhatsApp : encryption, used by nearly everyone...

Maybe Signal will replace WhatsApp ?
Big deal. Messages are forwarded after you’ve been warned. They cannot control it from the outside. It stays e2e encrypted. Actually a very good design. Much better than the rotten Apple solution (we will store your key in the Backup file just because hehehehe )
Score: 6 Votes (Like | Disagree)
Read All Comments

Top Stories

Whatsapp Feature

WhatsApp Still Working on Password-Protected Encrypted iCloud Backups

Monday March 8, 2021 3:27 am PST by
WhatsApp is working on a way to secure users' chat backups in iCloud using password-protected encryption, according to a new report from forthcoming-feature specialist WABetaInfo. The Facebook-owned chat platform began early work on the security feature back in March 2020. Currently, WhatsApp on iPhone lets users back up their chat history to iCloud, but messages and media that users back up ...
Read Full Article43 comments
Whatsapp Feature

Facebook Reportedly Researching Ways to Use Encrypted WhatsApp Messages for Targeted Advertisements

Tuesday August 3, 2021 7:24 am PDT by
Facebook is researching ways to analyze encrypted data, such as WhatsApp messages, without actually decrypting the information, according to a new report from The Information. The report cites that Facebook has confirmed it is building a team of artificial intelligence researchers to "study ways of analyzing encrypted data without decrypting it." While it is still early in development, the...
Read Full Article67 comments
Whatsapp Feature

WhatsApp Rolling Out Ability to Transfer Chats Between iOS and Android

Wednesday August 11, 2021 8:16 am PDT by
One of the biggest hurdles for customers looking to switch between Android and iOS is their inability to transfer their WhatsApp chats between the two different ecosystems. Now, that's coming to an end, as WhatsApp has officially announced that it will easily allow users to transfer their chats between Android and iOS. As reported first by Engadget, WhatsApp used airtime during Samsung's...
Read Full Article35 comments
Whatsapp Feature

WhatsApp Testing Ability to Transfer Chats Between iOS and Android

Tuesday April 6, 2021 12:37 am PDT by
WhatsApp is testing a new feature that will allow users to transfer their chat history, logs, and transcripts between iOS and Android devices, making it easier for WhatsApp users to switch between the two platforms. The new future, in the early stages of development, was brought to light by WABetaInfo, who often shares unreleased and hidden features behind the chatting service. According to ...
Read Full Article71 comments
Whatsapp Feature

WhatsApp to Roll Out Multi-Device Support, Hints at Future iPad App

Thursday June 3, 2021 3:58 am PDT by
In an interview with WABetaInfo, Facebook CEO Mark Zuckerberg confirmed that the popular messaging app will soon be rolling out multi-device capability, allowing users to use their WhatsApp account on up to four different linked devices even when their main smartphone is not connected to the internet. According to Zuckerberg, Facebook has faced "a big technical challenge" in getting "all...
Read Full Article78 comments
Whatsapp Feature

WhatsApp Ends Support for iOS 9, Now Requires iPhone 5 or Later to Work

Thursday March 18, 2021 2:55 am PDT by
As indicated in a newly published support document, WhatsApp has ended support for iOS 9 and earlier versions of Apple's mobile operating system, requiring all users to be running at least iOS 10, released in 2016. Up until now, iOS 9 users – who will have been mainly iPhone 4s owners – were able to use the encrypted chat service. Going forward, however, iOS 10 is required, meaning users ...
Read Full Article50 comments
icloud passwords for windows

Apple Releases iCloud 12.5 for Windows With iCloud Keychain Password Manager App

Monday August 16, 2021 11:50 am PDT by
Apple today released a new version of its iCloud for Windows app, with the 12.5 update adding a new iCloud Keychain password manager app for Windows users. With the new password management option, those who are running Windows can access their iCloud Keychain passwords and can add, edit, copy and paste, delete, and look up usernames or passwords. Apple in January released an updated version...
Read Full Article102 comments
imazing header purple

MacRumors Giveaway: Win an iPhone 13 Pro or Pro Max From iMazing

Friday September 17, 2021 11:05 am PDT by
For this week's giveaway, we've teamed up with iMazing to offer MacRumors readers a chance to win an iPhone 13 Pro or iPhone 13 Pro Max with up to 1TB of storage and a copy of the iMazing software, which is ideal for iPhone backups and management. If you're unfamiliar with iMazing, it's Mac and Windows software that provides a range of handy tools for iOS device management, and it offers...
Read Full Article59 comments
whatsapp status updates privacy e1612180151751

WhatsApp Uses Status Updates to Remind Users About Its Privacy Commitments

Monday February 1, 2021 3:58 am PST by
WhatsApp has started using Status messages to remind its users of the messaging service's "commitment to your privacy," following the recent confusion regarding changes to its privacy policy last month. "WhatsApp is now on Status," the message begins. "We'll let you know about new features and updates here. One thing that isn't new is our commitment to your privacy. WhatsApp can't read or...
Read Full Article36 comments
whatsapp joinable calls

WhatsApp Now Lets You Join Group Calls Even After They've Started

Tuesday July 20, 2021 12:17 am PDT by
WhatsApp has introduced a new call feature to its platform that allows you to jump into an end-to-end encrypted group call even after it has started. Previously it was only possible to join a group call in WhatsApp when the call was first made and the phone was ringing, which meant if you missed the initial notification and the group call had started, you were effectively locked out of...
Read Full Article14 comments