WhatsApp will let its more than 2 billion users fully encrypt the backups of their messages, the Facebook-owned app announced Friday.
The plan, which WhatsApp is detailing in a white paper before rolling out to users on iOS and Android in the coming weeks, is meant to secure the backups WhatsApp users already send to either Google Drive or Apple’s iCloud, making them unreadable without an encryption key. WhatsApp users who opt into encrypted backups will be asked to save a 64-digit encryption key or create a password that is tied to the key.
“WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems,” Facebook CEO Mark Zuckerberg said in a statement.
If someone creates a password tied to their account’s encryption key, WhatsApp will store the associated key in a physical hardware security module, or HSM, that is maintained by Facebook and unlocked only when the correct password is entered in WhatsApp. An HSM acts like a safety deposit box for encrypting and decrypting digital keys.
Once unlocked with its associated password in WhatsApp, the HSM provides the encryption key, which in turn decrypts the account’s backup stored on either Apple’s or Google’s servers. A key stored in one of WhatsApp’s HSM vaults will become permanently inaccessible if repeated password attempts are made. The hardware itself is located in data centers owned by Facebook around the world to protect against internet outages.
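The password-gated key release and permanent lockout described above, as an added Python sketch that is not WhatsApp's code and not part of the original article. An in-memory class stands in for the HSM; the class names, the attempt limit of 5, the PBKDF2 verifier and the reading of the 64-digit key as a 32-byte value written in hex are all assumptions.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumed; the article does not give the real limit


class KeyDestroyed(Exception):
    """The stored key was erased after too many wrong passwords."""


class BackupKeyVault:
    """Toy in-memory stand-in for the HSM-backed vault (hypothetical names)."""

    def __init__(self, max_attempts=MAX_ATTEMPTS):
        self.max_attempts = max_attempts
        self._records = {}  # account -> salt, verifier, key, failures

    @staticmethod
    def _verifier(password, salt):
        # Slow hash, so the vault keeps a verifier rather than the password.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, account, password):
        key = secrets.token_bytes(32)  # 32 bytes print as 64 hex digits
        salt = secrets.token_bytes(16)
        self._records[account] = {
            "salt": salt,
            "verifier": self._verifier(password, salt),
            "key": key,
            "failures": 0,
        }
        return key

    def unlock(self, account, password):
        rec = self._records[account]
        if rec["key"] is None:
            raise KeyDestroyed(account)
        # Count the attempt before checking it, so an interrupted check
        # cannot be replayed for free guesses.
        rec["failures"] += 1
        guess = self._verifier(password, rec["salt"])
        if hmac.compare_digest(guess, rec["verifier"]):
            rec["failures"] = 0
            return rec["key"]
        if rec["failures"] >= self.max_attempts:
            rec["key"] = None  # permanent: the right password no longer helps
            rec["verifier"] = None
        return None
```

Because the guess counter lives inside the vault rather than on the phone, a short, memorable password can only be tried a handful of times before the key is gone.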
The system is designed to ensure that no one besides an account owner can gain access to a backup, the head of WhatsApp, Will Cathcart, told The Verge. He said the goal of letting people create simpler passwords is to make encrypted backups more accessible. WhatsApp will only know that a key exists in an HSM, not the key itself or the associated password to unlock it.
The move by WhatsApp comes as governments around the world like India — WhatsApp’s largest market — are threatening to break the way that encryption works. “We expect to get criticized by some for this,” Cathcart said. “That’s not new for us … I believe strongly that governments should be pushing us to have more security and not do the opposite.”
WhatsApp’s announcement means the app is going a step further than Apple, which encrypts iMessages but still holds the keys to encrypted backups; that means Apple can assist with recovery, but also that it can be compelled to hand the keys over to law enforcement. Cathcart said WhatsApp has been working on making encrypted backups a reality for the past couple of years, and that while they are opt-in to start, he hopes, over time, to “have this be the way it works for everyone.”