In terms of messaging apps, WhatsApp is by far the most popular, beating out its rivals Messenger, Signal, and Telegram. Because we share so much private information online, is the app safe to use, given how much we do? Should you be concerned about hackers or data leaks, even though WhatsApp claims to be able to protect your messages?
Let’s examine WhatsApp’s security features, including end-to-end encryption. Later, we’ll also talk about some extra features you can use to keep your chats safe from people who don’t want to see them.
End-to-end encryption on WhatsApp
Despite the fact that instant messaging has been available since the beginning of the internet, its first versions were far from safe. In the first place, they sent messages to each other in the form of plain text. As a result, anyone with access to the company’s servers, including third-party and fraudsters further down the chain, might read your messages. Even though many services started encrypting user communications in the late 2000s, most companies still had the keys to decrypt them on their own end, so they could still read the messages.
End-to-end encryption (E2EE), on the other hand, has become more common in recent years on many platforms. This helps protect messages and users’ privacy. Sender and receiver only have the keys to open each other’s messages in an end-to-end encrypted communication channel, and only they know how to do it. Your messages are encrypted, so no one else can read them. This includes the platform, your ISP, or even a hacker who has access to the encrypted data.
WhatsApp’s end-to-end encryption has relied on Open Whisper Systems’ Signal technology since 2014. You may have heard of the company because they made the chat app Signal, which is a lot like WhatsApp but puts security and privacy first.
WhatsApp says that almost all of your communication on the platform is protected by end-to-end encryption. All of these things: text messages, audio and video files, voice notes, calls, and even status updates.
How does WhatsApp encrypt messages?
It starts with public-key encryption, then moves on to other types of cryptography. WhatsApp uses the Signal encryption protocol. Basically, each person owns a pair of randomly generated keys. One is kept private, and the other is shared with other people.
To encrypt messages, a sender takes the recipient’s public key and puts it in a message. The recipient decrypts it with their own private key. WhatsApp can’t see your private key because it’s made by your device. This straightforward cryptographic technique has been in use for decades, with updated versions being used to secure everything from emails to cryptocurrency wallets, among other things.
If you just use standard public-key encryption, it isn’t safe enough on its own. One thing can go wrong. It’s possible for someone to get their hands on your private key at any time. They could decrypt all of your past, present, and future chats without any checks. In order to fix this, the people who made Signal’s protocol came up with a new method called double ratchet encryption.
The protocol uses a combination of permanent and temporary keys for each user. It is the latter that alters with each new message that you send. To put it another way, even with a single key, an attacker would only be able to decrypt one or two messages. It might seem like a lot of work to keep replacing keys all the time, but it’s also easy enough that our phones can do it for us.
There is, of course, a lot more to WhatsApp’s encryption system, which you can read about in the company’s technical white paper on the subject. However, the most important thing is that the encryption is strong enough to keep people from eavesdropping and other simple attacks from getting through.
Among other things, what do the experts say?
If you use WhatsApp, you can check to see if your individual chats and calls are encrypted from start to finish. Open a chat in the app, tap on the contact’s name, and then the “Encryption” label at the bottom. You’ll be shown a QR code and a 60-digit number, and you’ll have to choose which one. Following the same steps on the recipient’s phone, look at the values and see if they match up.
This means that if the number on both your phones matches, your chat will be properly encrypted from start to finish. Even while WhatsApp refers to this as a “security code,” it’s really just a shortcut to the public key that we discussed earlier. This step also helps make sure that your communication is going to the right person and not a malicious imposter who is pretending to be your contact. WhatsApp is held accountable as well, because if the keys don’t match, they would be subjected to intense scrutiny.
WhatsApp isn’t perfect, though. It stores a lot of information about you that isn’t in the chat window. Your contact list, current location, unique device identifiers, and purchase history are just a few examples of the information gathered. Signal, on the other hand, is the only alternative that claims to collect less data and to place a strong emphasis on security, as evidenced by independent security audits. Some of the most popular chat apps, like Messenger and Telegram, don’t even have end-to-end encryption built in by default.
It’s because of this that security experts say WhatsApp is better than most of the other apps on the market now. Its data-sharing policies are criticised by the Electronic Frontier Foundation. It says that “WhatsApp still has strong encryption, and there is no reason to doubt the security of your messages on WhatsApp.”
One of the app’s co-founders, Moxie Marlinspike, has said it’s good in the past, too. “Signal” believes that WhatsApp is still a good choice for people who care about the privacy of their messages. This is what he wrote in a blog post in 2017.
1 Comment
Pingback: Can I record a WhatsApp voice or video call? - Innovation Village | Technology, Product Reviews, Business