WhatsApp announces new secure features for Android and IOS devices

Details WhatsApp's new functionality will be available as an optional feature in the coming weeks and will be rolled out to iOS and Android users (AP).

                                                            Image source - Google | Image by - statuswhatsapp

WhatsApp has made its end-to-end encryption announcement now in order to prepare the wider technical community for the new method.

Even for chat backups, WhatsApp has implemented end-to-end encryption. Previously, the lack of encryption for backups could have given bad actors a way in. With the addition of end-to-end encryption for chat backups, WhatsApp claims to be the only large-scale messaging service to provide this level of protection for people's communications - from sending and transit to receiving and storing in the cloud.

Also Read: WhatsApp clients need to look out for perilous 'crash code' messages

How will the additional functionalities be implemented?

WhatsApp is announcing end-to-end encryption now in order to familiarise the wider technical community with the new approach before it is made available to beta testers and then to regular users.

WhatsApp's new functionality will be available as an optional feature in the coming weeks and will be rolled out to iOS and Android users.

How does it function?

WhatsApp's backup management now relies on mobile device cloud partners like Apple and Google to store backups of WhatsApp data (chat messages, images, and so on) in Apple iCloud or Google Drive. Backups maintained on Apple iCloud and Google Drive were not protected by WhatsApp's end-to-end encryption prior to the introduction of end-to-end encrypted backups.

Before being transferred to various cloud services, the instant messaging application will now allow users to encrypt backups from beginning to end. WhatsApp has established an HSM (Hardware Security Module) based Backup Key Vault to securely store per-user encryption keys for user backups in tamper-resistant storage with the launch of end-to-end encrypted backups, providing enhanced security of users' message histories.

Before saving backups in the cloud, the client encrypts chat messages and all messaging data (i.e. text, photographs, videos, etc) that is being backed up using a random key created on the user's device with end-to-end encrypted backups enabled.

 

What will happen to the key?

A user-supplied password protects the key used to encrypt the backup. WhatsApp, the user's mobile device cloud partners, and any other parties have no access to the password. In the case that the device is lost or stolen, the key is saved in the HSM Backup Key Vault, which allows the user to recover the key.

After a specified number of unsuccessful tries to access the key, the HSM Backup Key Vault is responsible for enforcing password verification attempts and rendering the key permanently inaccessible.

Also Read: WhatsApp has banned 3 million Indian accounts