After multiple warnings about the security of your messages, WhatsApp is reportedly planning its most significant update in years to fix its most serious problem. Until that update is released, you should change this critical setting on your phone.
This could be the most significant WhatsApp upgrade in years.
WhatsApp has been accused by Telegram founder Pavel Durov of using “end-to-end encryption” in its marketing “as some magic incantation that alone is supposed to automatically make all communications secure.” This, he said, “is not a silver bullet.”
And, with WhatsApp, he’s dead right.
End-to-end encryption cannot protect the information on your device. For that, you need to rely on the device security—a passcode, a fingerprint, a face scan. Compromise the device, physically or with malware, and you can access its messages. As Telegram says, “we cannot protect you from your own mother if she takes your unlocked phone without a passcode.” When you read reports about WhatsApp hacks or data being pulled from other secure messengers, it is this kind of endpoint compromise that is at play, not a break of the encryption itself.
Unless end-to-end encryption is extended, messages backed up to the cloud run those same risks. And of the mainstream messengers, only iMessage extends end-to-end encryption to its cloud storage. But, even so, Apple can still decrypt iMessages in iCloud, unless you change its settings. Telegram can access all the messages stored on its own cloud. And WhatsApp chats, photos and videos backed up to Apple’s or Google’s clouds can be accessed by those platforms—they are not protected.
“People may not realize that their WhatsApp backups are not encrypted in the cloud,” warns ESET cybersecurity guru and former police officer Jake Moore, “meaning their chats are potentially vulnerable to adversaries. Our private chats can be very lucrative on the black market and have the potential of being preyed upon by targeted threat actors, so users must do what they can to protect them.”
This is very serious. It means WhatsApp’s end-to-end encryption is pointless if cloud backups are enabled. And it’s made worse because WhatsApp advises users to restore their chat history from this unsecured cloud backup when they move to a new phone.
Attacking WhatsApp for this weakness, Durov said that “users don’t want to lose their chats when they change devices, so they back up the chats in services like iCloud – often without realizing their backups are not encrypted… Telegram never relies on third-party cloud backups, and Secret Chats are never backed up anywhere.” There’s a serious caveat here, though. Telegram’s default is to store all its users’ messages on its own cloud—the fact this isn’t a “third-party” public cloud is irrelevant. From a user perspective, that store is unprotected by end-to-end encryption, and so it can be accessed.
There has been speculation for some time that WhatsApp plans to fix this problem. And now, according to the eagle-eyed WABetaInfo, that fix is on its way: a password, set by the WhatsApp user, that protects their cloud backups. According to WABetaInfo, “the password is private, and it’s not sent to WhatsApp.”
So far, so good. From a security standpoint, this will be WhatsApp’s biggest upgrade in years, as big as the linked device update also now in the works. “So many questions,” says Cyjax CISO Ian Thornton-Trump. “Is it a user generated key or is it going to be tied to your Facebook account via your phone number? It would be far more effective to allow users to set up their own third-party cloud storage for their chat archives.”
Security researcher Sean Wright shares those concerns, telling me “it’s good to move to encrypt backups, but I have a burning question: What key will be used to encrypt these backups? Where and who will have access to this key? If this is something which resides in your account, and something which Facebook has access to, it provides little value. Also this still doesn’t answer the licencing issues which are coming.”
Disable WhatsApp cloud backups on iPhone
WhatsApp backups are useful if you lose or replace your phone—although you can also transfer your message history directly from an old phone to a new one. If you don’t back up WhatsApp, then you run the risk that you’ll lose your phone and your messages with it. But until the encrypted backup option is available, it makes little sense to store a backup of your secure WhatsApp messages without any such security. Disable cloud backup and re-enable it when the update is available—and make sure you set that password.
Disable WhatsApp cloud backups on Android
WABetaInfo refers to the use of a password to encrypt a backup, not the extension of end-to-end encryption. The strength of that encryption will be important, and it requires an extra user step: the protection is not on by default, and it depends on a new password that users must set and remember. If this approach survives to launch, then Apple’s iMessage solution will remain much better.
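To make concrete what “a password that is private and not sent to WhatsApp” means in practice, here is an added, constructed example of client-side password-protected backup encryption. It is not WhatsApp’s code or design: the scrypt parameters, the HMAC-SHA256 counter-mode keystream (a standard-library stand-in for a real cipher such as AES-GCM) and the sample chat data are all assumptions made for illustration. The point it shows is that only salt, nonce, ciphertext and an authentication tag ever leave the device, that a wrong password is rejected rather than yielding garbage, and that the cost of the key derivation is what stands between a leaked backup and an offline password-guessing attack, which is exactly why the strength of both the password and the KDF matters.

```python
"""Constructed example: password-protected chat backup, encrypted on the device.

Not WhatsApp's implementation. Parameters and the keystream construction are
assumptions chosen so the example runs with only the Python standard library.
"""
import hashlib
import hmac
import json
import os
from typing import Dict, Optional, Tuple

# scrypt is memory-hard, so each password guess against a leaked backup costs
# real CPU and RAM. These cost parameters are assumptions for the example.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SCRYPT_MAXMEM = 64 * 1024 * 1024


def derive_keys(password: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Derive independent encryption and MAC keys from the user's password.

    The password never leaves the device; only the random salt is stored
    alongside the backup so the same keys can be re-derived on a new phone.
    """
    material = hashlib.scrypt(
        password.encode("utf-8"), salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, maxmem=SCRYPT_MAXMEM, dklen=64,
    )
    return material[:32], material[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as a PRF keystream.

    A stand-in for a proper AEAD cipher so the example needs no third-party
    library; a production design would use AES-GCM or ChaCha20-Poly1305.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_backup(password: str, plaintext: bytes) -> Dict[str, str]:
    """Encrypt-then-MAC a backup blob. Returns only what may be uploaded."""
    salt = os.urandom(16)
    nonce = os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    # None of these fields is the password or a key: the cloud provider learns
    # only the size of the backup.
    return {"salt": salt.hex(), "nonce": nonce.hex(), "ciphertext": ciphertext.hex(), "tag": tag.hex()}


def decrypt_backup(password: str, blob: Dict[str, str]) -> Optional[bytes]:
    """Re-derive the keys from the password and verify before decrypting."""
    salt, nonce, ciphertext, tag = (bytes.fromhex(blob[k]) for k in ("salt", "nonce", "ciphertext", "tag"))
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # wrong password, or the stored backup was tampered with
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def roundtrip_demo() -> Dict[str, object]:
    """Exercise the flow with a constructed chat export."""
    chats = json.dumps({"chats": [{"from": "alice", "text": "constructed sample message"}]}).encode()
    blob = encrypt_backup("correct horse battery staple", chats)
    return {
        "cloud_sees_plaintext": chats in bytes.fromhex(blob["ciphertext"]),
        "right_password": decrypt_backup("correct horse battery staple", blob) == chats,
        "wrong_password": decrypt_backup("password123", blob),
    }


if __name__ == "__main__":
    print(roundtrip_demo())
```

Two design points are worth noting for readers weighing the reported WhatsApp change against iMessage. First, everything in this scheme hinges on the password: if it is short or reused, the scrypt cost only slows an attacker down, it does not stop them, which is why a long passphrase or a device-held key is the stronger option. Second, because the provider never holds the password, a forgotten password means a lost backup; that is the trade-off a user is accepting when they take the extra step the article describes.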
iMessage already offers a secure cloud option, allowing multiple devices to access a common message store, and protecting that entire trusted device ecosystem with end-to-end encryption. As long as you disable the generic iCloud backup, Apple cannot get hold of a key to that encryption, whatever law enforcement requests it might receive.
It’s unlikely that WhatsApp will be able to match the sophistication of iMessage’s solution. But that shouldn’t detract from just how significant this encrypted backup update is for WhatsApp. Working across Android and iOS remains its best defense against iMessage, even if it falls short technically.
“Similar to the two-step verification WhatsApp has implemented,” Moore says, “this new function will better protect users from possible interception extortion attacks. However, WhatsApp is clearly attempting to include new procedures in order to protect its huge userbase but newer more privacy focused messaging platforms are already one step ahead with securing data protection by design as standard.”
That said, Facebook remains the elephant in the room for WhatsApp—an elephant that has now been thrust into the spotlight by the recent privacy backlash over data sharing and a forced change of terms, under threat of account suspensions.
According to Thornton-Trump, “this backup move is maybe in response to the massive erosion of users drawn to perceivably more secure messaging plans.” WhatsApp will hope that this—along with other feature updates—is enough to distract users from the impending doom of a “take it or leave it” privacy update due in just a few weeks.
WhatsApp can encrypt content any way it likes, but that won’t change the fact that its privacy label, as seen in Apple’s App Store, is horribly out of step with its peers. It harvests too much data, all of which it links back to user identities. Unlike its peers, WhatsApp even links your identity to “developer’s advertising and marketing.”
WhatsApp Vs Rivals
WhatsApp has attempted to justify this, arguing that “other apps say they’re better because they know even less information than WhatsApp—we believe people are looking for apps to be both reliable and safe, even if that requires WhatsApp having some limited data.” This is clearly nonsense. It isn’t “limited data.” It’s a long list of data. And Signal, iMessage and Telegram are no less reliable or safe because they don’t link user identities to data collected for multiple reasons, including advertising.
If you’re unsure whether to stay with WhatsApp, then my advice remains to look for another option until such a time as WhatsApp shows it’s listening to user concerns and hasn’t become just another data collection tool for Facebook. This is your data and you’re entitled to more transparency as to how it’s collected and used. Unless we all make clear what we’re willing to accept and what we’re not, which we can only do by using or not using apps, how can we expect anything to change?
Zak is a widely recognized expert on surveillance and cyber, as well as the security and privacy issues associated with big tech, social media and communication