WhatsApp to offer end-to-end encrypted backups in iCloud, Google Drive with user-managed keys
Funny how 'privacy-focused' Apple and Google haven't managed that
Facebook's WhatsApp on Friday said users will soon be able to store end-to-end (E2E) encrypted backups of their chat history on Google Drive in Android or Apple iCloud in iOS, with an option to self-manage the encryption key.
The move makes encryption-enforced message privacy – typically rather complicated – more viable for consumer-oriented messaging services, if you take for granted the technical integrity of WhatsApp's encryption and the company's claims about its privacy practices.
"We’re adding another layer of privacy and security to WhatsApp: an end-to-end encryption option for the backups people choose to store in Google Drive or iCloud," said Facebook supremo Mark Zuckerberg in a missive on his platform.
"WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems."
WhatsApp, which boasts two billion users who send over 100 billion messages a day, has beaten Apple to market, if speculation about its intention to offer encrypted iCloud backups proves true.
Apple recently announced plans to scan iCloud-bound photos on customers' devices, an initiative so contrary to the company's privacy marketing that security experts tried to explain away the corporate self-harm by suggesting that the intrusive tech might represent a way to placate law enforcement objections to offering iCloud encryption. Apple however walked back its CSAM-scanning plan after advocacy groups and the tech community criticized the privacy compromise.
Word of WhatsApp's extension of encryption to cloud backups follows a recent ProPublica report that assailed the integrity of WhatsApp's encryption and its sharing of message metadata, only to subsequently clarify that the app's mechanism for reporting abuse doesn't break the app's end-to-end encryption.
- Can WhatsApp moderators really read your encrypted texts? Yes ... if you forward them to the abuse dept
- WhatsApp pulls plug on Taliban helpline, shuts down official-looking accounts
- UK.gov is launching an anti-Facebook encryption push. Don't think of the children: Think of the nuances and edge cases instead
- We've been shown time and again that strong encryption puts crims behind bars, so why do politicos hate it?
WhatsApp has applied E2E encryption to all messages, calls, video chats, and media since 2016. Around that time, it also provided encryption for iCloud backups. But the key generation method used was reportedly susceptible to a spoofing technique by which an attacker could obtain the key by using a SIM-card with the name number as the WhatsApp user's device.
The FBI investigation of former Trump campaign chair Paul Manafort (convicted in 2018, sentenced in 2019, then pardoned in 2020) offers a lesson on the need for encrypted backups and also on their limits.
One court document [PDF] filed in connection with that case indicates that the FBI obtained some of Manafort's WhatApp messages from Apple's iCloud, where they had presumably been backed up without encryption. But the document also indicates that investigators obtained other messages from those who had received them, making E2E encryption irrelevant.
The devil's in the details
WhatsApp's current approach, described in a technical paper [PDF], looks more secure, though similarly vulnerable to the exposure by those on the other end of the communication channel.
"The backups themselves are generated on the client as data files which are encrypted using symmetric encryption with the locally generated key," WhatsApp's paper explains.
"After a backup is encrypted, it is stored in the third party storage (for example iCloud or Google Drive). Because the backups are encrypted with a key not known to Google or Apple, the cloud provider is incapable of reading them."
WhatsApp will offer two key handling options. One involves a user-supplied password – unknown to WhatsApp or third-party backup services – that retrieves the user's actual encryption key from a Backup Key Vault based on a hardware security module (HSM) in a WhatsApp data center.
The other skips the password and requires the user to supply a 64-digit encryption key, without the involvement of the HSM Backup Key Vault, to access any encrypted backups. Generally, that's going to mean writing the key on a piece of paper and storing it, or trusting it to a password management app, unless you're particularly adept at memorizing dozens of digits.
Will Cathcart, head of WhatsApp at Facebook, acknowledged that not everyone supports broader use of encryption, but argued for it anyway.
"Some governments continue to suggest using their powers to require companies to offer weaker security," he said, via Twitter. "We think that’s backwards: we should demand more security from companies for people’s sensitive information, not less."
We might also consider storing less data. The best security for message backups is not to have them if you don't really need them. ®