WhatsApp already offers end-to-end encryption for conversations. Now the company has introduced end-to-end encryption for WhatsApp backups. In other words, the backup on iCloud or Google Drive will be end-to-end encrypted. Most importantly, the backups remain encrypted even when uploaded on the cloud, thus making it very secure.
Once enabled, neither WhatsApp nor cloud provider will be able to access your backup. Only you will be able to access it with the backup encryption key.
To enable E2EE backups, we developed an entirely new system for encryption key storage that works with both iOS and Android. With E2EE backups enabled, backups will be encrypted with a unique, randomly generated encryption key. People can choose to secure the key manually or with a user password. When someone opts for a password, the key is stored in a Backup Key Vault that is built based on a component called a hardware security module (HSM) — specialized, secure hardware that can be used to securely store encryption keys.
Whenever you need to access the backup, you can use an encryption key or a personal password. The system will use an HSM-based Backup Key Vault and decrypts the backup. Facebook CEO Mark Zuckerberg said that the end-to-end encrypted backups would soon start rolling out for iPhone in the upcoming weeks.
WhatsApp users can create end-to-end encrypted backups with the help of a password. The stored password can be used to restore backup anytime in the future. Currently, WhatsApp lets you store backups on iCloud and Google Drive. Law-enforcement agencies could coerce cloud providers to hand over user data. This will no longer be possible as the agencies require a decryption key to access WhatsApp backups uploaded on the cloud.
[via Facebook]