“No other messaging service at our scale provides this level of security for your messages from sending and transit, to receiving and storing in the cloud,” WhatsApp told me, ahead of the news confirming it would finally enable encrypted cloud backups on both iOS and Android “in the coming weeks.”
WhatsApp has suddenly launched a major new strike at iMessage, as the battle between Facebook and Apple continues. This latest update from WhatsApp is a serious problem for iMessage, because it attacks the biggest weakness in Apple’s platform. If you’re an iMessage user, WhatsApp has just given you a reason to switch.
I’ve commented multiple times on WhatsApp’s awkward lack of encrypted backups before, seriously weakening its security. “We figured you’d be excited about this one,” the company’s spokesperson told me. And they’re right.
This was a big enough announcement to be confirmed by Facebook CEO Mark Zuckerberg himself, the extension of WhatsApp’s end-to-end encryption to iCloud and Google backups means that neither Apple nor Google (nor Facebook itself) will be able to access to your cloud content, even when approached by law enforcement.
“WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups,” Zuckerberg posted on Facebook, “and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems.”
Encrypted Backups WHATSAPP
WhatsApp has always warned users that “media and messages you back-up are not protected by WhatsApp end-to-end encryption in the cloud.” WhatsApp has never had access to these backups—they’re controlled and secured by the relative cloud platform, specifically iCloud or Google Cloud. Well, not any longer.
This level of security is possible on iMessage, but only if you change the default settings on your iPhone and other Apple devices. To fully encrypt iMessage backups, you need to disable general iCloud backups, otherwise Apple stores a copy of your encryption key, which it can access if needed or asked.
“iMessage users may wrongly believe that their communication is private,” ESET’s Jake Moore has warned, “but with access granted from just with a backup created, it somehow defeats its success in protection.”
As Apple says, “Apple retains the encryption keys in its U.S. data centers. iCloud content, as it exists in the customer’s account, may be provided in response to a search warrant issued upon a showing of probably cause, or customer consent.” The way to ensure that Apple cannot read your messages, that your content is backed-up and fully encrypted, you need to ensure that both Messages in iCloud is enabled that that iCloud Backup is disabled. That way “a new key is generated on your device to protect future messages and isn’t stored by Apple.”
It’s this iMessage weakness that Zuckerberg was referring to back in January, when he said that “iMessage stores non-end-to-end encrypted backups of your messages by default unless you disable iCloud. So, Apple and governments have the ability to access most people’s messages. So, when it comes to what matters most—protecting people’s messages, I think that WhatsApp is clearly superior.” iMessage Encrypted Backup Settings APPLE
In reality, that wasn’t the case until now—WhatsApp had its own equivalent issues, without Apple’s option to fix the situation. But that has changed. You just need to enable the opt-in feature when it hits your device—and don’t forget the encryption password, WhatsApp cannot recover it. That’s the point of end-to-end encryption.
iMessage security only works within Apple’s ecosystem, which is why this update is so significant. iMessage is no longer the most secure hyper-scale messaging platform for Apple users. A fully encrypted, backed-up, multi-device, secure messenger that works across iOS and Android is about to be made available for the very first time. The technical challenge for WhatsApp is that it doesn’t own the cloud service, and so it needs a way for you to retrieve and restore a backup after losing a device. This is done by the selection of a password that protects an encryption key that’s stored on third-party servers. If you lose your device, you use your password to retrieve your key.
The third-party cannot access the encryption key without your password—WhatsApp has no access to any of this. After a number of failed access attempts, the encryption key is destroyed. If you want to make this even more secure, you can create your own 64-digit encryption key and keep it yourself, with nothing stored outside your control. Either way, if you lose your password or your key, you lose your backup. You also need to deselect options to backup WhatsApp using Apple or Google backup processes.
The News Highlights
- As a result of a radical new WhatsApp update, Apple’s iMessage has been soundly defeated
- Check the latest update on Security news
For Latest News Follow us on Google News
- Show all
- Trending News
- Popular By week