Home » Technology » Facebook » WhatsApp » WhatsApp Committed To Support Encrypted Cloud Backups Properly

WhatsApp Committed To Support Encrypted Cloud Backups Properly


WhatsApp has announced that it will support end-to-end encrypted backups in the cloud in the future. Users then need a password to access their data backup – the company has no way of “reading”.

This emerges from a blog post by parent company Facebook. To protect the privacy of messages, WhatsApp has been offering end-to-end encryption as standard for years, so that messages can only be viewed by the sender and recipient and no one in between. As a next step, WhatsApp backups will also be provided with end-to-end encryption – the company had confirmed this a few days ago.

Users can already back up their WhatsApp messages via cloud-based services such as Google Drive and iCloud. Even then, WhatsApp has no access to these backups, and they are backed up by individual cloud-based storage services. But if you decide to activate end-to-end encrypted (E2EE) backups, neither WhatsApp nor the provider of the backup service can access the backups or their encryption keys.

According to media reports, this is likely to be a reaction to the fact that Apple has confirmed that it has a master key for cloud backups and that it has already had to give it to US investigative authorities.

How E2EE backups work

WhatsApp is now starting a new system for the E2EE backups. When E2EE backups are enabled, the backups are encrypted with a unique, randomly generated encryption key, explains the service provider. The users can choose whether they want to secure the key manually or with a user password. When someone chooses a password, the key is stored in a backup key vault, which is based on a component called a hardware security module (HSM) – special, secure hardware that can be used to securely store encryption keys. If the account holder needs access to his backup, he can access it with his encryption key or use his personal password.

Start in the coming weeks

WhatsApp only knows that there is a key in the HSM – but the key itself is not known. As soon as the E2EE backups are activated, a backup can be stored outside the device after encryption (e.g. in iCloud or Google Drive). E2EE backups should be available for iOS and Android users in the coming weeks. WhatsApp has published the details of the technical details in a white paper on end-to-end encrypted backups.