WhatsApp has just made a further step ahead to ensure the security of its users. We all remember very well that the Facebook-owned instant messaging app last year added end-to-end encryption to prevent messages being intercepted by hackers and that this decision generated several debates and criticisms.
But probably many users haven’t realized that until now iPhone backed chats were stored in a readable form on Apple’s servers. Well, it appears that WhatsApp has decided to solve this issue. From now on no-one has access to messages that are stored on Apple’s cloud backup without WhatsApp decryption key.
That’s what a WhatsApp spokesperson told Forbes: “When a user backs up their chats through WhatsApp to iCloud, the backup files are sent encrypted,”. We expect that this move will encounter once again governments’ disapproval. For example Amber Rudd, UK government home secretary, who claimed that it is “completely unacceptable” that authorities are not allowed to access to messages stored on mobile applications and protected by end-to-end encryption, adding that in the near future she intends to discuss the situation with technology companies.
In the meantime, WhatsApp has not yet revealed if this further improvement is also available for Android users and, more important, how the iCloud backup encryption works.
Security experts seem quite convinced that WhatsApp itself have the ability to decrypt the files. Elmar Eperiesi-Beck, chief executive at security firm Eperi GmbH, asked WhatsApp to make its software open in order to let users understand how it works and make it possible for experts to test its security.
That’s what he said: “Right now, user data cannot be accessed by iCloud, but still by WhatsApp. Users have to decide for themselves if this solution satisfies them,” and also “WhatsApp currently seems to both generate and backup the key data. This means they have key access and subsequently can access user data. Only the user should be able to generate the access key.”
The issues with iCloud backup emerged after Forbes reported that Oxygen Forensics (a Russian-based company) have found a way to bypass the iCloud encryption. We still don’t have heard any comments coming from WhatsApp about these claims, but the decision to strengthen its encryption is a clear message.