Hot topics

WhatsApp will encrypt your backups but how does it work?

NextPit Whats App contact problem
© nextpit

Read in other languages:

WhatsApp announced on September 10 that saved conversations on iOS or Android will soon be able to be end-to-end encrypted. But how does it work? Can WhatsApp backups that go through the cloud (Google Drive or iCloud) really be encrypted?


TL;DR

  • This feature will be deployed in the coming weeks on Android and iOS.
  • It will be an opt-in, which the user can activate or not, at first.

There's a reason why Signal only offers local backups, and Telegram doesn't store your secret exchanges in the cloud. The only way to be sure that your backups remain secure is to ensure that they do not pass through any server and that they are stored locally.

But apparently, WhatsApp has managed to break this compromise by developing an encryption solution for cloud-based backups. This famous solution, which will be deployed in the coming weeks on iOS and Android.

End-to-end encrypted cloud backups? How does it work?

On both iOS and Android, WhatsApp will be able to protect your saved conversations in two ways. First, you will need to generate a 64-digit encryption key to lock your chats stored on iCloud and Google Drive.

This encryption key can then either be stored locally or in a password manager of your choice. You will also have the option to create a password to save this encryption key in a secure online vault, developed specifically for this purpose, by WhatsApp.

Facebook refers to this as an HSM or hardware security module. WhatsApp will only know whether a key exists within an HSM, but will not know the key itself or the password associated with it to unlock the HSM.

whatsapp hsm
This is how end-to-end encryption of a WhatsApp backup is supposed to work / © WhatsApp/Facebook

If you opt for the latter, you won't be able to access the key without entering your password. If you forget your encryption key, the key is permanently lost, and so is the backup of your conversations, as WhatsApp does not know your password.

Once unlocked with the password associated with it in WhatsApp, the HSM provides the encryption key, which in turn decrypts the account backup that is stored on Apple or Google servers. A key stored in one of WhatsApp's HSM vaults will become permanently inaccessible after several repeated attempts at the wrong password. The hardware itself is located in Facebook-owned data centers around the world to protect against network outages.

What do you think of this solution? Does this promise of encryption reassure you about the security of your data on WhatsApp?

Source: WhatsApp

The best camera phones to buy in 2024

  Editor's Choice The Best Android Alternative The Best Camera iPhone The Best Camera Under $1,000 The Best Camera Under $600 The Best Camera Under $500 The Best Camera Foldable
Product
Image Google Pixel 8 Pro Product Image Samsung Galaxy S24 Ultra Product Image Apple iPhone 15 Pro Max Product Image Google Pixel 8 Product Image Google Pixel 7 Product Image Google Pixel 7a Product Image OnePlus Open Product Image
Review
Review: Google Pixel 8 Pro
Review: Samsung Galaxy S24 Ultra
Review: Apple iPhone 15 Pro Max
Review: Google Pixel 8
Review: Google Pixel 7
Review: Google Pixel 7a
Review: OnePlus Open
Offer*
Go to comment (0)
Antoine Engels

Antoine Engels
Senior Editor

Black belt in specs sheet analysis. OnePlus fanboy in (slow) remission. Average estimated reading time of my articles: 48 minutes. Tech deals fact-checker in my spare time. Hates talking about himself in the 3rd person. Dreams he was a gaming journalist in another life. Doesn't get the concept of irony. Head of editorial for NextPit France.

View all articles
Liked this article? Share now!
Recommended articles
Latest articles
Push notification Next article
No comments
Write new comment:
All changes will be saved. No drafts are saved when editing
Write new comment:
All changes will be saved. No drafts are saved when editing