The Facebook-owned company announced that all messages, including texts, calls, videos, voice messages and files, will be end-to-end encrypted by default, meaning that anyone other than the sender and recipient(s) will not be able to access them – not even Whatsapp employees.
WhatsApp said in a statement, “Not cybercriminals. Not hackers. Not oppressive regimes. Not even us.” The news comes after it was revealed that companies such as Google, Snapchat and Facebook are bolstering their respective encryption services, which they have been doing for some time now.
This will not affect how Whatsapp is used on a daily basis. What it does mean is that it will be much more difficult for Whatsapp to provide law enforcement or other governmental authorities copies of any users communications, even if requested by warrant, because of the strength of the encryption.
“In practice this means that WhatsApp is now one of the most secure ways to communicate electronically,” says Carey van Vlaanderen, CEO, ESET Southern Africa.
End-to-end encryption is a way of transmitting a message so that it can only be read by the intended recipient, and not intercepted by accessing the servers or the networks via which the message is sent. Rather than being sent as plain text, the message is scrambled as a long series of digits that needs a key only held by the sender and the recipient to understand it. The keys are ephemeral, meaning that they disappear after the message is unscrambled so that it cannot be unlocked afterwards.
WhatsApp users can also verify that their communications are not being intercepted by scanning a code on the other user’s phone. Encrypted messages and phone calls have infuriated security services since they have relied on tapping into communication data.
It is important for users to note that although the completion of default end-to-end encryption is a hugely important security milestone for the WhatsApp platform, it does not mean that from here on in every communication sent via the app is end-to-end encrypted, as that is reliant on all users being upgraded to the latest version of the software.