WhatsApp now offers 'end-to-end' encrypted backups — here's how it works
Only you hold the key to decrypting your WhatsApp backup
WhatsApp now lets you fully encrypt your chat backups so that no one else —including WhatsApp — can see them.
"End-to-end encrypted backups for WhatsApp starting to roll out today," Facebook founder and CEO Mark Zuckerberg wrote in a message posted on his Facebook page today (Oct. 14). "Proud of the team for continuing to lead on security for your private conversations."
- WhatsApp is still safe to use, despite story claiming otherwise
- The best encrypted messaging apps
- Plus: iPhone 13 launch — all the new products we expect at the Apple event
"You can now secure your end-to-end encrypted backup with either a password of your choice or a 64-digit encryption key that only you know," WhatsApp said in a blog post today. "Neither WhatsApp nor your backup service provider will be able to read your backups or access the key required to unlock it."
End-to-end encryption usually refers to data being transmitted from one client device to another, not to stored data as in these backed-up chats. WhatsApp is stretching the definition of the term by a bit to mean that no one but you will have the encryption key to unlock your stored backup.
However, WhatsApp still won't store your backup itself. As before, you can back up your chats to Apple iCloud or Google Drive, depending on whether you're using an iPhone or an Android phone.
The end-to-end encryption will be optional — you have to actively choose it — and is being rolled out slowly starting today. Not everyone will get it right away.
Once you choose to encrypt your chat backups, Facebook's engineering team said in a blog post, any previous backups will be deleted.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!
WhatsApp previously offered encryption of backups to iCloud, but used a different mechanism that allowed attackers to retrieve the encryption key if they could spoof the legitimate user's phone number, as Forbes' Thomas Brewster explained in 2017.
How to enable end-to-end encrypted WhatsApp backups
To get started with WhatsApp's end-to-end encrypted backups, make sure your iPhone or Android phone has the latest version of WhatsApp installed.
Caveat: You may or may not be able to do this yet. Our Android phone wasn't able to at the time of this writing, despite running the latest version of WhatsApp. But here's how to find out.
1. Find your Settings screen. On Android, you can click the three vertical dots at the top of the WhatsApp main screen.
2. Tap Chats.
3. Tap Chat Backup.
4. Tap End-to-end encrypted backup if it's offered.
5. Tap Continue and follow the instructions to create your personal encryption key (explained below).
6. Tap Done when the process is finished.
How WhatsApp encrypted backups work
If you do choose to enable full backup encryption, the process begins with your phone locally generating a 256-bit (32-byte) encryption key. The key will be used to encrypt your chat backup on your phone, and the encrypted backup will be uploaded to Google Drive or to iCloud.
You have a choice of two different ways to manage the WhatsApp backup encryption key. The first is riskier but offers more control; the second unloads the management to WhatsApp in a way that shouldn't expose the encryption key to anyone else, at least in theory.
In the first option, you'll be given a 64-character version of the encryption key in hexadecimal notation. It will look like a long string of digits plus the letters A through F, the latter representing the numbers 10 through 15. (Each character is four bits, or half a byte.)
You will have to write down or save this 64-character string somewhere, such as with one of the best password managers. But you're responsible for the encryption key and WhatsApp won't be able to help you if you lose it.
When you need to retrieve your WhatsApp backup, such as when you're switching to a new phone, you will have to enter or paste the 64-character key into WhatsApp.
Here's a diagram showing how this works.
The other option is to let WhatsApp handle the 32-byte key. This bit is somewhat complicated because you have to create a new password (apparently different from your regular WhatsApp user password) to encrypt and decrypt the encryption key.
The encrypted key will itself be stored in something called the Backup Key Vault that lives in hardware security modules (HSMs) on at least five separate WhatsApp servers around the world.
You'll have to write down or save that password as well, because a Facebook whitepaper explaining the technical details says that the Backup Key Vault will "[render] the key permanently inaccessible after a certain number of unsuccessful attempts to access it." Too many wrong password entries, and you'll be locked out.
WhatsApp won't be able to see your encryption key without knowing your password, states the Facebook Engineering blog post: "WhatsApp will know only that a key exists in the HSM. It will not know the key itself."
In other words, your password unlocks the encryption key, and the key unlocks the stored backup. When you need to retrieve your backup, WhatsApp on your phone will reach out to WhatsApp's servers to retrieve the encrypted version of the encryption key, which will then be decrypted on your phone so that the decrypted key can decrypt the backup. Got that?
Here's diagram illustrating that process.
Potential pitfalls of WhatsApp backup encryption
There are some possible drawbacks to this new form of optional backup encryption.
First, it should be easy enough to retrieve backups when moving from an old iPhone to a new iPhone, or from an old Android phone to a new Android phone, as long as your have your backup password or encryption key.
But what about if you're switching between platforms? It doesn't seem like WhatsApp on Android can access iCloud, or that WhatsApp on iOS can access Google Drive. But there may be workarounds we're not aware of.
Second, you don't want to do this on more than one phone at a time. As the Facebook whitepaper states, "end-to-end encrypted backups are only supported on a user's primary device."
Third, the whitepaper says that "we recommend that users who opt in to end-to-end encrypted backups also deselect WhatsApp from the apps that are included in their device-level backups."
That's because chats stored on a phone may be backed up in unencrypted form in the regular full-device backups unless the user exempts those chats from regular backups.
Here are WhatsApp's instructions on exempting chat backups from regular iCloud full-device backups. Note that, as WhatsApp says, "disabling automatic iCloud backup does not enable end-to-end encrypted backup." You still have to set up end-to-end encrypted backups manually.
Finally, as stated already, if you forget or lose your 64-character encryption key or your backup password, then you'll lose the backup entirely. Presumably you could just create a new password or encryption key and start over again. As long as the old WhatsApp chats are still stored on your phone, they won't be entirely lost.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.