WhatsApp starts encrypting user messages on Android devices
The company is bringing end-to-end encryption via TextSecure, a software that scrambles messages with a device-specific cryptographic key, to its over 600 million users - the largest such platform according to statista.com. Deemed “practically uncrackable” by Wired, the security enhancement means that messages cannot be deciphered when stored or in transmission between devices.
The texting behemoth, acquired by Facebook for $22 billion earlier this year, has been working with Open Whisper Systems, a privacy-oriented nonprofit, to develop the change over the last six months.
End-to-end encryption is so hard to break because unscrambling keys are stored only on users’ devices. Previously, the WhatsApp encryption system stored keys on their server as well, giving WhatsApp and Facebook administrators potential access to user communications.
The TextSecure encryption protocol uses a form of what’s known as “forward secrecy” meaning that a fresh key is created for every new message.
WhatsApp founder and CEO, Jan Koum, who grew up in the Soviet Union, has emphasized the company’s commitment to privacy.
“Respect for your privacy is coded into our DNA, and we built WhatsApp around the goal of knowing as little about you as possible,” Koum wrote in blog post on the company website in March amid fears of privacy violations after the controversial Facebook acquisition.
Open Whisper System’s creator, Moxie Marlinspike notes WhatsApp encryption project’s massive scale. “I do think this is the largest deployment of end-to-end encryption ever,” he said in an interview with Wired.
— Moxie Marlinspike (@moxie) November 18, 2014
For the moment, the privacy is boost is limited to Android users, though Marlinspike says that WhatsApp is set to rollout versions for other platforms including iOS shortly. In the initial stages, encryption will not apply to group messages, photos, or videos messages, but Marlinspike assures WhatsApp users that those features are soon to come.
WhatsApp’s security update comes in the wake of a larger shift towards privacy among tech companies. After Google and Apple expanded encryption use among mobile device communications earlier this fall, FBI Director James Comey decried the move, saying, that “the post-Snowden pendulum has swung too far.”
Because WhatsApp messages won’t be stored on its servers, the company will not be able to hand over users’ communications to authorities even if subpoenaed.