Skip to main content

WhatsApp to offer 'end-to-end' encrypted backups — what you need to know

WhatsApp icon on iPhone
(Image credit: Shutterstock)

WhatsApp will soon let you fully encrypt your chat backups so that no one else —including WhatsApp — can see them.

"WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups," Facebook founder and CEO Mark Zuckerberg wrote in a message posted on his Facebook page, about the new feature coming to the Facebook-owned app. "Getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems."

End-to-end encryption usually refers to data in motion being transmitted from one client device to another, not to data at rest as in these backed-up chats. Zuckerberg is taking some artistic license and stretching the definition of the term to mean that no one but you will have the encryption key to unlock your stored backup.

However, WhatsApp still won't store your backup itself. As before, you will be given the option to back up your chats to Apple iCloud or Google Drive, depending on whether you're using an iPhone or an Android phone.

The encryption will be optional — you have to actively choose it — and won't be available for a few more weeks, Facebook's engineering team said in a blog post. Once you choose to encrypt your chat backups, any previous backups will be deleted.

WhatsApp previously offered encryption of backups to iCloud, but used a different mechanism that allowed attackers to retrieve the encryption key if they could spoof the legitimate user's phone number, as Forbes' Thomas Brewster explained in 2017.

How WhatsApp encrypted backups will work

If you do choose to enable full backup encryption, the process will begin with your phone locally generating a 256-bit (32-byte) encryption key. The key will be used to encrypt your chat backup on your phone, and the encrypted backup will be uploaded to Google Drive or to iCloud.

You have a choice of two different ways to manage the WhatsApp backup encryption key. The first is riskier but offers more control; the second unloads the management to WhatsApp in a way that shouldn't expose the encryption key to anyone else, at least in theory.

In the first option, you'll be given a 64-character version of the encryption key in hexadecimal notation. It will look like a long string of digits plus the letters A through F, the latter representing the numbers 10 through 15. (Each character is four bits, or half a byte.)  

You will have to write down or save this 64-character string somewhere, such as with one of the best password managers. But you're responsible for the encryption key and WhatsApp won't be able to help you if you lose it. 

When you need to retrieve your WhatsApp backup, such as when you're switching to a new phone, you will have to enter or paste the 64-character key into WhatsApp.

Here's a diagram showing how this works.

(Image credit: Facebook)

The other option is to let WhatsApp handle the key. This bit is somewhat complicated because you have to create a new password (apparently different from your regular WhatsApp user password) to encrypt and decrypt the encryption key. 

The encrypted key which will itself be stored in something called the Backup Key Vault that lives in hardware security modules (HSMs) on at least five separate WhatsApp servers around the world.

You'll have to write down or save that password as well, because a Facebook whitepaper explaining the technical details says that the Backup Key Vault will "[render] the key permanently inaccessible after a certain number of unsuccessful attempts to access it." Too many wrong password entries, and you'll be locked out.

WhatsApp won't be able to see your encryption key without knowing your password, states the Facebook Engineering blog post: "WhatsApp will know only that a key exists in the HSM. It will not know the key itself."

In other words, your password unlocks the encryption key, and the key unlocks the stored backup. When you need to retrieve your backup, WhatsApp on your phone will reach out to WhatsApp's servers to retrieve the encrypted version of the encryption key, which will then be decrypted on your phone so that the decrypted key can decrypt the backup. Got that?

Here's diagram illustrating that process.

(Image credit: Facebook)

Potential pitfalls of WhatsApp backup encryption

There are some possible drawbacks to this new form of optional backup encryption. 

First, it should be easy enough to retrieve backups when moving to a new iPhone or Android phone as long as your have your backup password or encryption key, but what about if you're switching between platforms? 

It doesn't seem like WhatsApp on Android can access iCloud, or WhatsApp on iOS access Google Drive, but there may be some workarounds we're not aware of.

Second, you don't want to do this on more than one phone at a time. As the Facebook whitepaper states, "end-to-end encrypted backups are only supported on a user's primary device."

Third, the whitepaper says that "we recommend that users who opt in to end-to-end encrypted backups also deselect WhatsApp from the apps that are included in their device-level backups." 

We're not sure if that means that the encryption process will interfere with the regular device backups — many of which would go to iCloud or Google Drive anyway — or that it means that WhatsApp data will be stored in unencrypted form in the regular device backups.

Finally, as stated already, if you forget or lose your 64-character encryption key or your backup password, then you'll lose the backup entirely. Presumably you could just create a new password or encryption key and start over again.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.