Is WhatsApp Really End-to-End Encrypted? Are My Chats Secure?
The encryption does not extend to back-up files of the chats that are saved on the device or on cloud services.
Over the past couple weeks, WhatsApp messaging service has once again come under a cloud of questions regarding its security features. After television news channels started leaking selective chats belonging allegedly to actor Rhea Chakraborty, many users aren’t sure if their messages are indeed end-to-end encrypted or whether they are secure.
Let take a look at both the questions separately.
IS WHATSAPP END-TO-END ENCRYPTED?
Yes. WhatsApp is indeed an end-to-end encrypted messaging platform. This means that the chat is encrypted even when it is moving from one device to another and can only be read in decrypted plain-text by the sender and receiver of the message.
WhatsApp’s end-to-end encryption uses the Signal Protocol, designed by Open Whisper Systems. This end-to-end encryption protocol is designed to prevent third parties and WhatsApp from having plaintext access to messages or calls.
“WhatsApp protects your messages with end-to-end encryption so that only you and the person you’re communicating with can read what is sent, and nobody in between can access it, not even WhatsApp,” a WhatsApp spokesperson told The Quint.
“It's important to remember that people sign up on WhatsApp using only a phone number, and WhatsApp doesn't have access to your message content,” the statement added.
DOES THAT MEAN ALL MY CHATS ARE SECURE?
An important distinction needs to be made here. The WhatsApp platform is end-to-end encrypted meaning no third party actor can intercept the message or decrypt it. Only the sender and receiver can see the plaintext of the messages, videos and images.
However, the encryption is only on the WhatsApp app. It does not extend to the back-up files of the chats that are saved in a folder on the device or on the cloud devices. Moreover, screenshots of chats are saved in the phone’s gallery. These are all outside of the encrypted WhatsApp platform.
The News Minute, in a report on 24 September quoting sources, said that “to access encrypted WhatsApp data, sources say investigative agencies take a user’s phone and create a ‘clone’ of it on another device.”
Agencies can then create what is called a ‘mirror image’ of your phone, and copy and then transfer all the data onto the separate device.
Agencies can, with the help of forensic experts, “retrieve all kinds of data like phone call records, messages, images, WhatsApp chats, as well as the data on your phone’s cloud service, like Google Drive or iCloud, including anything that has been deleted.”
. The backup stored on the device or on cloud is not under WhatsApp’s end-to-end protection. One must ensure one’s device and/or cloud has a strong password or pin protection.
“WhatsApp follows guidance provided by operating system manufacturers for on-device storage and we encourage people to take advantage of all the security features provided by operating systems such as strong passwords or biometric IDs to prevent third parties from accessing content stored on device,” the WhatsApp spokesperson stated.
HOW ARE NEWS CHANNELS GETTING WHATSAPP MESSAGES?
Most likely, leaked chats or retrieved chats by central agencies may have been leaked to some sections of the media. One can be assured that no television network has managed to break into encrypted WhatsApp chats and intercepted them.
Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.