WhatsApp on Friday said it will allow users to back up their chat history with end-to-end encryption, after which the content will be accessible only to them and no one else will be able to unlock their backup. The end-to-end encrypted backup feature for WhatsApp – which has two billion users globally – will be available on iOS and Android in the coming weeks.
India is among the biggest markets for the Facebook-owned company. As per data cited by the government earlier this year, the Facebook-owned company has 53 crore users in the country. The move assumes significance as WhatsApp presently uses Google Drive to store backups on the Android platform and the backed-up chats are not end-to-end encrypted – making them susceptible to attacks. To resolve this challenge, WhatsApp has been working on a feature that will allow backups to also be end-to-end encrypted.
Facebook CEO Mark Zuckerberg on Friday said another layer of privacy and security is being added to WhatsApp with an end-to-end encryption option for the backups people choose to store in Google Drive or iCloud.
WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems, he said in a post on Facebook.
In a whitepaper, WhatsApp said all personal messages, calls, video chats and media sent on the messaging platform have been end-to-end encrypted on the platform since 2016.
It emphasised that no one except the user – not even WhatsApp – can access the content.
WhatsApp said the in-app backup feature protects users’ content in the event their device is lost or stolen, and enables the transfer of their chat history to a new device.
In its engineering blog, Facebook – the parent company of WhatsApp – said an HSM (Hardware Security Module) based Backup Key Vault has been created to securely store per-user encryption keys for user backups in tamper-resistant storage, thus ensuring stronger security of users’ message history.
With end-to-end encryption (E2E) backups enabled, backups will be encrypted with a unique, randomly generated encryption key.
People can choose to secure the key manually or with a user password, Facebook said.
When the account owner needs access to their backup, they can access it with their encryption key, or they can use their personal password to retrieve their encryption key from the HSM-based Backup Key Vault and decrypt their backup, it added.
To help ensure that the system is always available, the HSM-based Backup Key Vault service will be geographically distributed across multiple data centres to keep it up and running in case of a data centre outage, it added.
Facebook noted that the HSM-based Backup Key Vault will be responsible for enforcing password verification attempts and rendering the key permanently inaccessible after a minimal number of unsuccessful attempts to access it.
These security measures provide protection against brute-force attempts to retrieve the key. WhatsApp will know only that a key exists in the HSM. It will not know the key itself, it added.
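The vault behaviour described above (a random per-backup key, retrieval gated by a password, and permanent loss of the key after too many wrong guesses) can be modelled in a few lines. This is an added illustration, not WhatsApp's or Facebook's code or protocol: the class and function names, the attempt limit, the key size and the PBKDF2 verifier are all assumptions, and a real HSM enforces the counter in tamper-resistant hardware rather than in application memory.

```python
import hashlib
import hmac
import secrets


class BackupKeyVault:
    """Simplified software model of an attempt-limited key vault (hypothetical)."""

    def __init__(self, max_attempts=10):  # assumed limit; the article gives no number
        self.max_attempts = max_attempts
        self._records = {}

    @staticmethod
    def _verifier(password, salt):
        # Slow, salted hash so the stored verifier is costly to guess against.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user_id, password, backup_key):
        salt = secrets.token_bytes(16)
        self._records[user_id] = {
            "salt": salt,
            "verifier": self._verifier(password, salt),
            "key": backup_key,
            "failures": 0,
        }

    def key_exists(self, user_id):
        # The only fact the service operator learns: whether a key is held.
        rec = self._records.get(user_id)
        return rec is not None and rec["key"] is not None

    def retrieve(self, user_id, password):
        if not self.key_exists(user_id):
            raise KeyError("no retrievable key for this user")
        rec = self._records[user_id]
        candidate = self._verifier(password, rec["salt"])
        if hmac.compare_digest(candidate, rec["verifier"]):
            rec["failures"] = 0  # assumption: a success resets the counter
            return rec["key"]
        rec["failures"] += 1
        if rec["failures"] >= self.max_attempts:
            # Destroy the key material: a later correct guess cannot recover it.
            rec["key"] = rec["verifier"] = None
        raise PermissionError("wrong password")


def new_backup_key():
    # Client side: unique, randomly generated key (256-bit size is an assumption).
    return secrets.token_bytes(32)
```

The point of the hard limit is that a short user password only has to survive a handful of online guesses, because the key itself is erased before a brute-force search can make progress.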