WhatsApp began quietly testing end-to-end encryption for chat history backups earlier this summer. Now, the company is making the feature official: WhatsApp announced today that all users will be able to encrypt backups of their chat history.
While WhatsApp messages have been encrypted since 2016, the app hasn’t offered end-to-end encryption of backups, which rely on iCloud or Google Drive. But with the latest update, users will be able to opt-in to end-to-end encryption for their backups before those backups hit their cloud storage service. Users can expect the update “in the coming weeks,” according to the company.
Once end-to-end encryption is enabled, “neither WhatsApp nor the backup service provider will be able to access” the backup, WhatsApp writes in a blog post. Backups are encrypted with a “unique, randomly generated encryption key.” Users will then be able to choose between two options: manually storing the 64-digit key, or setting a password, which can be used to access the key.
While the feature certainly makes backups more secure, there are a few factors to keep in mind. The first is that opting in means there will be no way to recover your backup should you lose the 64-digit encryption key (you are able to reset the password if you forget it). Next is that even though WhatsApp recently announced support for multiple devices, you’ll only be able to create encrypted backups on your primary device.
It’s also worth pointing out that end-to-end encryption doesn’t guarantee your chats will never be used in a way you might not like. This week, ProPublica published a lengthy story on WhatsApp’s use of human moderators who review chats that are reported by WhatsApp users. And earlier this year The Information reported that Facebook may be researching AI that could one day allow it to serve users ads based on encrypted messages (the head of WhatsApp denied the messaging app was pursuing the technology). While neither of these “break” the security offered by encryption — and there are many very good reasons why people should be able to report abusive messages — it's a good reminder that privacy is about much more than just the presence of end-to-end encryption.