icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
19 Nov, 2014 21:15

WhatsApp starts encrypting user messages on Android devices

WhatsApp starts encrypting user messages on Android devices

WhatsApp, the world’s most popular mobile messaging application, is adding a default encryption service for messages sent on its platform, what is said to be the largest encryption service of its kind.

The company is bringing end-to-end encryption via TextSecure, a software that scrambles messages with a device-specific cryptographic key, to its over 600 million users - the largest such platform according to statista.com. Deemed “practically uncrackable” by Wired, the security enhancement means that messages cannot be deciphered when stored or in transmission between devices.

The texting behemoth, acquired by Facebook for $22 billion earlier this year, has been working with Open Whisper Systems, a privacy-oriented nonprofit, to develop the change over the last six months.

End-to-end encryption is so hard to break because unscrambling keys are stored only on users’ devices. Previously, the WhatsApp encryption system stored keys on their server as well, giving WhatsApp and Facebook administrators potential access to user communications.

The TextSecure encryption protocol uses a form of what’s known as “forward secrecy” meaning that a fresh key is created for every new message.

WhatsApp founder and CEO, Jan Koum, who grew up in the Soviet Union, has emphasized the company’s commitment to privacy.

“Respect for your privacy is coded into our DNA, and we built WhatsApp around the goal of knowing as little about you as possible,” Koum wrote in blog post on the company website in March amid fears of privacy violations after the controversial Facebook acquisition.

Open Whisper System’s creator, Moxie Marlinspike notes WhatsApp encryption project’s massive scale. “I do think this is the largest deployment of end-to-end encryption ever,” he said in an interview with Wired.

At @whispersystems, we've partnered with @WhatsApp to provide end to end encryption for WhatsApp users by default: https://t.co/FZt9jgtAwE

— Moxie Marlinspike (@moxie) November 18, 2014

For the moment, the privacy is boost is limited to Android users, though Marlinspike says that WhatsApp is set to rollout versions for other platforms including iOS shortly. In the initial stages, encryption will not apply to group messages, photos, or videos messages, but Marlinspike assures WhatsApp users that those features are soon to come.

WhatsApp’s security update comes in the wake of a larger shift towards privacy among tech companies. After Google and Apple expanded encryption use among mobile device communications earlier this fall, FBI Director James Comey decried the move, saying, that “the post-Snowden pendulum has swung too far.”

Because WhatsApp messages won’t be stored on its servers, the company will not be able to hand over users’ communications to authorities even if subpoenaed.