WhatsApp has announced that its two billion users will be able to use password-protected encryption to upload their chat backups to Apple’s iCloud.
Currently, WhatsApp on iPhone allows users to back up their chat history to iCloud, but messages and media stored in Apple’s cloud servers aren’t protected by WhatsApp’s end-to-end encryption.
Because Apple controls the encryption keys for iCloud, a subpoena served on the company or an iCloud breach could expose WhatsApp messages stored there. After the FBI complained, Apple was reportedly pressured not to add encryption to iCloud Backups.
Users will be able to encrypt and password-protect their chat history before uploading it to Apple’s cloud-based platform, thanks to a new WhatsApp feature. WhatsApp started developing the security feature in March 2020.
The rollout will make backups secure in remote iCloud servers by making them unreadable without an encryption key. Encrypted backups will be optional, and users will be asked to save a 64-bit encryption key or create a password that is associated with the key.
According to a whitepaper published by WhatsApp, when a user creates a password linked to their account’s encryption key, WhatsApp stores the key in a physical hardware security module (HSM) that acts like a safety deposit box and can only be unlocked using the correct password. WhatsApp is only aware of the existence of a key in an HSM, not the key itself or the password used to unlock it.
The encryption key is released when the password is used to unlock the HSM, and that key then decrypts the account’s backup on Apple’s servers. However, if the incorrect password is used repeatedly, the data in the HSM will become permanently inaccessible.
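The lockout behaviour described above, modelled as an added Python example (not WhatsApp's code, and not the protocol from its whitepaper). The `BackupKeyVault` class standing in for the HSM, the attempt limit `MAX_ATTEMPTS`, the PBKDF2 verifier, the counter reset on success and the account name are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 5         # assumed limit; the article gives no number
PBKDF2_ROUNDS = 100_000  # assumed work factor for the password verifier

class VaultLocked(Exception):
    """The key was destroyed after too many wrong passwords."""

class BackupKeyVault:
    """Hypothetical stand-in for the HSM; keeps a salted verifier, never the password."""
    def __init__(self):
        self._records = {}

    def _verifier(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def register(self, account, password, backup_key):
        salt = secrets.token_bytes(16)
        self._records[account] = {"salt": salt, "key": backup_key, "failures": 0,
                                  "verifier": self._verifier(password, salt)}

    def unlock(self, account, password):
        rec = self._records[account]
        if rec["key"] is None:
            raise VaultLocked(account)
        if hmac.compare_digest(self._verifier(password, rec["salt"]), rec["verifier"]):
            rec["failures"] = 0  # assumption: a success resets the counter
            return rec["key"]
        rec["failures"] += 1
        if rec["failures"] >= MAX_ATTEMPTS:
            rec["key"] = rec["verifier"] = None  # destroy: no later guess can succeed
            raise VaultLocked(account)
        return None

def try_unlock(vault, account, password):
    try:
        return "released" if vault.unlock(account, password) else "rejected"
    except VaultLocked:
        return "destroyed"

def demo():
    vault = BackupKeyVault()
    vault.register("alice", "correct horse", secrets.token_bytes(32))  # constructed values
    guesses = ["correct horse"] + [f"wrong-{i}" for i in range(MAX_ATTEMPTS)] + ["correct horse"]
    return [try_unlock(vault, "alice", g) for g in guesses]

if __name__ == "__main__":
    print(demo())
```

The final entry in the output is the correct password arriving after the limit was reached: the key is already gone, which is what bounds the number of password guesses regardless of how weak the password is.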
“WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems,” said Facebook CEO Mark Zuckerberg in a post announcing the feature.
The encrypted chat backups feature will be available on Android (for WhatsApp users backing up to Google Drive) and iOS in the coming weeks, and will be available in every market where WhatsApp operates, potentially putting the company at odds with some governments.
In contrast, users in authoritarian regimes such as China, Belarus, Colombia, Egypt, Kazakhstan, Saudi Arabia, South Africa, Turkmenistan, Uganda, and the Philippines will not be able to use Apple’s upcoming iCloud+ Private Relay encrypted browsing feature. According to Apple, the Private Relay feature will not be available in those countries due to “regulatory reasons.”