The WhatsApp Provides the ability to encrypt files Backups From chats saved in the cloudAs for google drive or iCloud.
This means that the system can be configured to protect backups made in the cloud with a password or a 64-digit encryption key known only to the user. As the company explained when it announced this novelty, “Nobody, not even WhatsApp or your backup provider, will be able to read your backups or access the key to unlock them.”
Didn’t WhatsApp already offer endpoint encryption? Yes, but only on messages that are sent and received on the device. This encryption has been around by default since 2016, but A novelty incorporated in October 2021 is the ability to encrypt the backup as well (with E2EE encryption) Or, back up conversations stored in the cloud.
How to activate end-to-end encryption on copies made in the cloud
This option is available for Android and iOS users. The former backup is on Google Drive, the latter is on iCloud. Here’s how to activate this option step-by-step, either way:
1. Open Settings or Settings.
2. Touch Chats / Backup / End-to-end encrypted backup.
3. Tap Activate, then follow the steps to create a password or key.
This process may take some time. It should be noted that if the user loses their password or the auto-generated key, they will not be able to restore their backup.
How to disable end-to-end encrypted backup
1. Open Settings or Settings.
2. Go to chats/ Backup / End-to-end encrypted backup.
3. Touch Deactivate.
4. Enter the password.
5. Touch Deactivate to confirm the decision.
What is end-to-end encryption and what is its purpose?
It is a security technology that makes all the content you share with the messaging service (messages, photos, videos, etc.) to be transmitted in an encrypted manner It is only decrypted when it reaches the receiver. This means that even if the attacker intercepts the content in transit, he will not be able to access it because it is encrypted, i.e. “unreadable”.
Before the message leaves the sender’s phone, it is secured with an encrypted lock, the key to which only the recipient possesses. Also, the keys change with each message sent. Thus, end-to-end encryption ensures that data is transmitted securely between two end points: the sender and the receiver.
The technology behind this encryption
To enable E2EE backups, the company has developed a new encryption key storage system that works with both iOS and Android. With this option, Backups are encrypted using a unique, randomly generated encryption key.
Users can choose to lock the key manually or with a user password. When someone chooses a password, The key is stored in the Backup Key Vault which is created based on a component called the Hardware Security Module (HSM), It is a specialized device that can be used to securely store encryption keys.
When the account owner needs to access their backup, they can access it with their own encryption key or they can use their personal password to retrieve their encryption key from the HSM-based backup keystore and decrypt their backup.
HSM-based backup key store will be responsible for enforcing password verification attempts and making the key permanently inaccessible after a limited number of failed attempts to access it. These security measures provide protection against brute force attempts to recover the key. WhatsApp only knows that the key is in the HSM, but it doesn’t know the key itself.
When someone wants to recover your backup, they must enter your password, which is encrypted and then verified by Backup Key Vault. Once the key is verified, Backup Key Vault will send the encryption key to the WhatsApp client.
With the key in hand, the WhatsApp client can decrypt the backups. On the other hand, if the account owner chooses to use only the 64-digit key, they will have to enter the key manually to decrypt and access the backups.