Use Strong Password, ID in Phone to Protect Saved Chats: WhatsApp
WhatsApp has “encouraged people to take advantage of all security features” on their phones to protect saved chats.
In light of the concerns around the security of WhatsApp chats, the personal messaging platform has “encouraged people to take advantage of all the security features” in one’s smartphone to prevent third parties from accessing chats stored on their devices.
The statement shared with The Quint, came soon after reports of the Narcotics Control Bureau’s ability to access WhatsApp chats saved on one’s phone storage or on the Operating System’s (OS) cloud service such as Google Drive or iCloud.
Questions around the accessibility of WhatsApp chats have increased over the last month as news channels flash bits of WhatsApp conversations allegedly between actor Rhea Chakraborty and others. This week, news channels shifted focus to a conversation in a WhatsApp group chat from 2017 that involves actor Deepika Padukone and her manager Karishma.
WhatsApp, however, has clarified that it protects messages with end-to-end encryption “so that only you and the person you're communicating with can read what is sent, and nobody in between can access it, not even WhatsApp.”
WhatsApp chats are indeed encrypted end-to-end as well as in transit. This means that the chat is encrypted even when it is moving from one device to another and can only read in decrypted plain-text by the sender and receiver of the message.
WhatsApp uses the Signal Protocol, designed by Open Whisper Systems for its end-to-end encryption.
The Facebook-owned messaging platform, in its statement, further reminded “It's important to remember that people sign up on WhatsApp using only a phone number, and WhatsApp doesn't have access to your message content.”
Access to Chats Stored in Phone & Cloud
The News Minute, in a report on Thursday stated sources say agencies can, with the help of forensic experts, “retrieve all kinds of data like phone call records, messages, images, WhatsApp chats, as well as the data on your phone’s cloud service, like Google Drive or iCloud, including anything that has been deleted.”
This relates to the fact that WhatsApp’s end-to-end encryption pertains to messages, call and content on the platform itself. The backup stored on the device or on cloud is not under WhatsApp’s end-to-end protection.
A user’s WhatsApp chats are downloaded as a backup file onto your phone, as a folder in your storage folder. It can also be uploaded onto a cloud server, like Google Drive or iCloud.
The TNM report further states that a user’s WhatsApp message log can also be accessed through the chat backups that are saved to a user’s phone periodically.
“The group chats from Jaya Saha are believed to have been retrieved in a similar manner. In the case of the conversation allegedly between Deepika and Karishma, which dates back to 2017, Jaya Saha seems to have had the backup of her chats stored online on the cloud,” according to TNM.
WhatsApp’s Clarification Regarding Stored Chats
Following the report, WhatsApp clarified that it “follows guidance provided by operating system manufacturers for on-device storage.”
The platform has urged users to ensure that the backups are secured by using the operating system’s security features such as passwords, pins and biometric IDs in order to protect the private chats from third party access.
“We encourage people to take advantage of all the security features provided by operating systems such as strong passwords or biometric IDs to prevent third parties from accessing content stored on device.”WhatsApp spokesperson
WhatsApp’s Full Statement
“WhatsApp protects your messages with end-to-end encryption so that only you and the person you're communicating with can read what is sent, and nobody in between can access it, not even WhatsApp.
“It's important to remember that people sign up on WhatsApp using only a phone number, and WhatsApp doesn't have access to your message content.
“WhatsApp follows guidance provided by operating system manufacturers for on-device storage and we encourage people to take advantage of all the security features provided by operating systems such as strong passwords or biometric IDs to prevent third parties from accessing content stored on device.”
Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.