WhatsApp, encrypted backups are coming: here’s how they work

WhatsApp is ready to release an important update that will allow users to encrypt chat backups: anticipated a few months ago, the news will be made available over the next few weeks to iOS and Android users. The solution, which is described in a whitepaper released by Facebook, aims to protect message backups that are stored in the cloud, be it Google Drive or iCloud, from prying and malicious eyes.

Mark Zuckerberg, CEO of Facebook, said: “WhatsApp is the first global messaging service on this scale to offer end-to-end encrypted messages and backups and getting there was a really tough technical challenge that required an entirely new framework for key archiving and cloud archiving between operating systems “.

When the user chooses to encrypt their backups, they will need to save a 64-digit encryption key or create a password linked to the key. When the password is created, WhatsApp stores the associated key in a physical hardware security module (HSM), which is managed by Facebook and unlocked only when the correct password is entered on WhatsApp. At this point, the correctly unlocked HSM provides the encryption key that decrypts the backup stored on Google or Apple’s servers.

The HSM is located in Facebook’s datacenters around the world to ensure continuity of service. If repeated, incorrect, password entry attempts occur, the HSM will become permanently inaccessible. Likewise, if you opt to manually save the 64-digit encryption key and lose it, the backup will no longer be accessible. However, it is still possible to reset the password if you have forgotten it. The basic idea is that it is guaranteed that only the account owner and no one else can access a backup.

The ability to use encrypted backup will only be for the user’s primary device, despite recent multi-device support.