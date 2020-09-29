WhatsApp Security Concerns Amid Chat Leaks & How to Stay Safe

WhatsApp has “encouraged people to take advantage of all security features” on their phones to protect saved chats. The Quint Whatsapp has “encouraged people to take advantage of all the security features” in one’s smartphone to prevent third parties from accessing chats stored on one’s device. | (image: The Quint) Tech and Auto WhatsApp has “encouraged people to take advantage of all security features” on their phones to protect saved chats.

Questions and concerns around WhatsApp security have once again emerged following leaked chats allegedly belonging to actor Rhea Chakraborty and Deepika Padukone. In light of the concerns around the security of the app, WhatsApp has “encouraged people to take advantage of all the security features” in one’s smartphone to prevent third parties from accessing chats stored on their devices. In September, following Chakraborty’s arrest by the Narcotics Control Bureau, news channels shifted focus to a conversation in a WhatsApp group chat from 2017 that involves actor Deepika Padukone and her manager Karishma. WhatsApp, however, has clarified in a statement that it protects messages with end-to-end encryption “so that only you and the person you're communicating with can read what is sent, and nobody in between can access it, not even WhatsApp.” So, does Facebook have a security issue? And if so, can it be exploited to gain access to our private conversations?

WHATSAPP IS INDEED END-TO-END ENCRYPTED

First things first. The WhatsApp messaging platform is indeed end-to-end encrypted. This means only the sender and receiver can read the plaintext of a message. WhatsApp uses the Signal Protocol, designed by Open Whisper Systems for its end-to-end encryption.

WHAT ABOUT NCB GAINING ACCESS TO CHATS? In light of the concerns around the security of WhatsApp chats, the personal messaging platform has “encouraged people to take advantage of all the security features” in one’s smartphone to prevent third parties from accessing chats stored on their devices. The statement shared with The Quint came soon after reports of the Narcotics Control Bureau’s ability to access WhatsApp chats saved on one’s phone storage or on the Operating System’s (OS) cloud service such as Google Drive or iCloud. The News Minute, in a report on 24 September, stated agencies can, with the help of forensic experts, “retrieve all kinds of data like phone call records, messages, images, WhatsApp chats, as well as the data on your phone’s cloud service, like Google Drive or iCloud, including anything that has been deleted.” This relates to the fact that WhatsApp’s end-to-end encryption pertains to messages, call and content on the platform itself. The backup stored on the device or on cloud is not under WhatsApp’s end-to-end protection.

A user’s WhatsApp chats are downloaded as a backup file onto your phone, as a folder in your storage folder. It can also be uploaded onto a cloud server, like Google Drive or iCloud.

The TNM report further states that a user’s WhatsApp message log can also be accessed through the chat backups that are saved to a user’s phone periodically. “The group chats from Jaya Saha are believed to have been retrieved in a similar manner. In the case of the conversation allegedly between Deepika and Karishma, which dates back to 2017, Jaya Saha seems to have had the backup of her chats stored online on the cloud,” according to TNM.

WHAT DOES WHATSAPP HAVE TO SAY?

Following the report, WhatsApp clarified that it “follows guidance provided by operating system manufacturers for on-device storage.” The platform has urged users to ensure that the backups are secured by using the operating system’s security features such as passwords, pins and biometric IDs in order to protect the private chats from third party access.

“We encourage people to take advantage of all the security features provided by operating systems such as strong passwords or biometric IDs to prevent third parties from accessing content stored on device,” a WhatsApp spokesperson said.

Here’s WhatsApp’s Statement in Full: “WhatsApp protects your messages with end-to-end encryption so that only you and the person you're communicating with can read what is sent, and nobody in between can access it, not even WhatsApp. “It's important to remember that people sign up on WhatsApp using only a phone number, and WhatsApp doesn't have access to your message content. “WhatsApp follows guidance provided by operating system manufacturers for on-device storage and we encourage people to take advantage of all the security features provided by operating systems such as strong passwords or biometric IDs to prevent third parties from accessing content stored on device.”