WhatsApp gets support for end-to-end encryption

Spread the love

WhatsApp is getting built-in support for end-to-end encryption, enabled by default. The Android version of the popular messaging service is equipped with that functionality, which ensures that WhatsApp itself can no longer read the messages.

Messages sent via WhatsApp were already encrypted, but the encryption only took place between the WhatsApp server and user. WhatsApp also manages the keys, so that messages can be read by the messaging service, for example if the police or the intelligence services request this.

In the new version of WhatsApp for Android, messages are also end-to-end encrypted by default, OpenWhisper reports, which is responsible for security. With end-to-end encryption, the encryption is set up by the app on the phone of the interlocutors, where the key is also stored. The WhatsApp server is not involved. Messages can therefore only be decrypted by the two interlocutors, and no longer by WhatsApp itself.

WhatsApp has teamed up with Open Whisper Systems, the maker of the secure chat app TextSecure, for stronger encryption. According to the company’s chief technology officer, noted hacker Moxie Marlinspike, the biggest challenge in the collaboration was making the code suitable for WhatsApp’s hundreds of millions of users.

The new version of WhatsApp does not seem to have been rolled out yet. Also, the functionality is currently only available for Android users, and not for iOS or Windows Phone users. It is unclear if and when that will change. Both interlocutors will need to have a suitable version of WhatsApp in order to benefit from the better security.

WhatsApp never had a great reputation for security. Investigators were able to find serious holes in the security several times. Initially, the chat app didn’t encrypt messages and data at all, making it easy to intercept messages sent over public Wi-Fi hotspots. Later, the messages were encrypted, but depending on the platform with the imei number or MAC address of the phone. However, the MAC address can be read remotely.

WhatsApp is the first major, popular chat app to include support for end-to-end encryption and enable it by default. There are apps like TextSecure, Cryptocat and Silent Text that offer encrypted communication, but they are mainly used by privacy enthusiasts. Telegram also offers end-to-end encryption, but users have to choose this consciously.

You might also like