WhatsApp finally rolls out end-to-end encrypted backups
WhatsApp has been working on end-to-end encrypted backups for well over a year now. The feature rolled out to beta testers earlier this year in July, and now it’s finally rolling out on the stable channel.
In a recent post, WhatsApp announced that the end-to-end encrypted backups feature has started rolling out with the latest WhatsApp update on iOS and Android. With this new feature, you’ll now be able to secure your chat backups with a unique password or 64-digit encryption key. In case you missed our previous coverage, here’s how WhatsApp’s end-to-end encrypted backups work:
End-to-end encrypted backups on WhatsApp use an entirely new system for encryption key storage that works across iOS and Android. The system encrypts chat backups with a unique, random key. You can either store the key manually or with a password.
If you choose to store the backup with a password, you’ll get the option to access the hardware-security-module-based Backup Key Vault to retrieve the encryption key and decrypt the backup. The vault enforces password verification attempts, and if you enter the wrong password a few times, it renders the key permanently inaccessible. This prevents brute-force attacks. When you enter the correct password, the Backup Key Vault verifies it. After verification, it sends the encryption key back to the WhatsApp client. With the key in hand, the WhatsApp client can then decrypt the backups, giving you access to your chats.
In case you use the 64-digit encryption key option, you’ll have to manually save and enter the key to access your chat backup.
In either case, neither WhatsApp nor your backup service provider (Google Drive or iCloud) will be able to read your backups or access the key required to unlock it.
To use end-to-end encrypted backups, open WhatsApp settings and navigate to Chats > Chat Backups > End-to-End Encrypted Backup. Tap on continue and follow the prompts to create a password or key. Finally, tap done and wait for WhatsApp to prepare your end-to-end encrypted backup.