
Online fraud detection: How secure is WhatsApp? We explain WhatsApp security, encryption and how to opt out of WhatsApp adverts


WhatsApp is an extremely popular mobile messaging service with over 1 billion daily users. That's an amazing figure, and the company prides itself on the apparent security it affords all of those users (provided they are running the latest version of the app). Below is our guide on how to ensure your WhatsApp messages are fully end-to-end encrypted.

However, it's also good to be aware that not everyone trusts the company's word, in part because of privacy issues surrounding its parent company Facebook and also its implementation of encryption. WhatsApp uses part of a security protocol developed by Open Whisper Systems, a company that has its own fully secure messaging app, Signal (for iOS and Android). Signal is very good. It may not be as obsessed with multimedia sharing as WhatsApp but its basic functions are the same - and fully end-to-end encrypted.

In January 2017 the Guardian reported claims that WhatsApp 'has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.'

The Guardian claimed that WhatsApp has a 'backdoor'. If WhatsApp covertly changed security keys of a user, the company could, according to Tobias Boelter, a cryptography and security researcher at the University of California, 'disclose its messaging records, it can effectively grant access due to the change in keys' at the request of government agencies.

WhatsApp claims this loophole exists so that if someone changes their phone, and therefore their automatic security key, messages will still send so as not to disrupt service. This is, to be fair, a valid point, as not doing so would disrupt the service of 1 billion people relatively frequently.

WhatsApp published its full statement via Reddit, and Open Whisper Systems also issued a statement. While one can't say for sure who is right, it continues to show that companies that try to promote security are the ones that end up suffering for it publicly.

Despite this, here is our guide on how to turn on WhatsApp encryption in the first place, and also how to opt out of adverts on the platform.
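The key-change behaviour in dispute above, modelled as an added example (it is not WhatsApp's or Signal's code): a sender's client holding undelivered messages when the server announces a new key for the recipient. The class name, the `blocking` switch and the stand-in `seal` function are assumptions made for illustration, and no real cryptography is performed.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional


def fingerprint(identity_key: bytes) -> str:
    """Short key fingerprint two users could compare out of band (constructed format)."""
    return hashlib.sha256(identity_key).hexdigest()[:16]


def seal(identity_key: bytes, text: str) -> dict:
    """Stand-in for encryption: records only which key a message was sealed to."""
    return {"to_key": fingerprint(identity_key), "body": text}


@dataclass
class SenderClient:
    """Hypothetical sender-side client, not WhatsApp's or Signal's implementation."""
    trusted_key: bytes
    blocking: bool                       # True: hold messages until the user verifies
    undelivered: list = field(default_factory=list)
    outbox: list = field(default_factory=list)
    pending_key: Optional[bytes] = None

    def send(self, text: str) -> None:
        self.undelivered.append(text)
        self.outbox.append(seal(self.trusted_key, text))

    def on_key_change(self, new_key: bytes) -> None:
        """The server announces a new identity key for the recipient."""
        if self.blocking:
            self.pending_key = new_key   # nothing is re-sent until verify() succeeds
        else:
            self._resend(new_key)        # re-sent at once, before any user decision

    def verify(self, fingerprint_from_contact: str) -> bool:
        """The user checks the new key with the contact over another channel."""
        if self.pending_key and fingerprint(self.pending_key) == fingerprint_from_contact:
            self._resend(self.pending_key)
            self.pending_key = None
            return True
        return False

    def _resend(self, key: bytes) -> None:
        self.trusted_key = key
        self.outbox.extend(seal(key, text) for text in self.undelivered)
```

With `blocking=False` an undelivered message is sealed to whatever key the server announces, which keeps service uninterrupted after a phone change; with `blocking=True` it stays queued until the fingerprint supplied by the contact matches the announced key.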

WhatsApp encryption explained: What is encryption?

Encryption is the scrambling of messages from the sender on their journey to the recipient, largely to discourage the interception and reading of those messages by other parties. This concept dates back thousands of years to coded written message sending, but now, modern forms of communication can be encrypted automatically with complex coding.

Thanks to the smartphone revolution, we now send and receive an awful lot more data between devices. All this data, be it voice calls, text messages or mobile data, is managed by whichever provider's service you are using. Whether or not this data is encrypted varies depending on the policy of the company providing the service. For example, voice calls and text messages are handled by your mobile operator. This operator also provides your 3G or 4G connection to the Internet on your smartphone, but they don’t encrypt all the services you use.

If you tend to message via WhatsApp rather than text message, your mobile operator is not responsible for encrypting that WhatsApp data – it merely provides you with your connection to the wider Internet, the connection that allows apps such as WhatsApp, Facebook and Twitter to send messages all over the world.

How does WhatsApp end-to-end encryption work?

WhatsApp encrypting messages ‘end-to-end’ is a big deal because it means that the company itself has decided to run a system in which even it cannot intercept and read messages sent on its own platform.  When you send a message, it can only be ‘unlocked’ by the intended recipient, thanks to a very complex code that took WhatsApp several years to develop. It’s no mean feat to achieve, particularly given that 1 billion people use the service.

This differs from many messaging apps, which only encrypt messages between you and them. This means that your messages are stored on the service's servers, usually not permanently, so they could hypothetically be accessed and read.

Why has WhatsApp introduced end-to-end encryption?

Now that WhatsApp has end-to-end encryption, it means that neither they nor any other party – governments, police, hackers, other users – can intercept and read your messages.

WhatsApp has done this because as a company they believe in your right to have private conversations when you use their service.

Why is end-to-end encryption important?

The decision is getting a lot of attention because of high-profile cases in which communications service providers like Facebook are pressed by authorities to release sensitive personal data.

A high-profile case is the FBI asking Apple to unlock an iPhone 5C that was used by one of the San Bernardino shooters, a request which Apple refused, underlining the integral values many large communications companies hold when it comes to personal data, security and encryption.

Does every app have end-to-end encryption?

The short answer is no – but also this is not something to be alarmed about.

WhatsApp’s decision is one of the first of its kind, and is particularly interesting because traditionally smartphone messaging services have played down the importance of security.

Facebook Messenger only encrypts messages between your device and their servers. This means, by law, Facebook could be obliged to divulge private messages. The same applies to Instagram, which Facebook owns, though interestingly, it also owns WhatsApp.


In August 2016 WhatsApp announced that it will start to share data with its parent company Facebook in order to draw in adverts to the platform. Third party companies will be able to send targeted messages directly to WhatsApp users should they accept the new terms and conditions.

Facebook bought WhatsApp in 2014 and the latter will now share users’ phone numbers with Facebook to provide advertisements. It’s a clear sign that the platform is having to monetise its offering after a few years of providing a free service.

It seems if you opt in, Facebook will receive information in order to better target you with adverts on the Facebook platform. It's a small but significant sign that the Facebook-owned WhatsApp is having to concede some of its privacy values.

If you don't want to share additional information such as your phone number across platforms, here's how to opt out of WhatsApp adverts. You will be given the following screen where you can agree to the changes.