WhatsApp users on iOS and Android will soon be able to secure their backups to iCloud and Google Drive with end-to-end encryption, Facebook CEO Mark Zuckerberg confirmed Friday.
„WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups,” Zuckerberg said in a Facebook post, „and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems.”
That work became public when WABetaInfo reported that the service had started testing end-to-end encrypted backups on Android in July. Now it’s official: WhatsApp users can soon save their chat history to cloud services with fewer worries about privacy. Assuming, of course, that WhatsApp’s implementation of these encrypted backups is free of flaws.
Facebook published a post to its engineering-focused blog discussing WhatsApp’s implementation of end-to-end encrypted backups. That post revealed that WhatsApp users will have two options for encrypting their chat history—a randomly generated 64-digit key or a password saved to a Backup Key Vault.
Backup Key Vaults store passwords in a Hardware Security Module (HSM). Facebook said the vault „will be responsible for enforcing password verification attempts and rendering the key permanently inaccessible after a limited number of unsuccessful attempts to access it,” and that „WhatsApp will know only that a key exists in the HSM. It will not know the key itself.”
The company said „the HSM-based Backup Key Vault service will be geographically distributed across multiple data centers to keep it up and running in case of a data center outage,” too, which is vital for a global service with 2 billion users. More information about how Facebook and WhatsApp have set up end-to-end encrypted backups is available in a new whitepaper.
Facebook said that end-to-end encrypted backups will be available to WhatsApp users on iOS and Android „in the coming weeks.”