Facebook-owned instant messaging app WhatsApp, on Friday, announced that it will let its more than 2 billion users fully encrypt the backups of their messages.
According to The Verge, the plan, which WhatsApp has detailed in a white paper before rolling out to users on iOS and Android in the coming weeks, is meant to secure the backups WhatsApp users already send to either Google Drive or Apple's iCloud, making them unreadable without an encryption key.
WhatsApp users who will choose to opt into encrypted backups will be asked to save a 64-digit encryption key or create a password that is tied to the key.
Facebook CEO Mark Zuckerberg said in a statement, "WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems."
If someone creates a password tied to their account's encryption key, WhatsApp will store the associated key in a physical hardware security module, or HSM, that is maintained by Facebook and unlocked only when the correct password is entered in WhatsApp.
An HSM acts like a safety deposit box for encrypting and decrypting digital keys.
Once unlocked with its associated password in WhatsApp, the HSM provides the encryption key that in turn decrypts the account's backup that is stored on either Apple or Google's servers.
A key stored in one of WhatsApp's HSM vaults will become permanently inaccessible if repeated password attempts are made. The hardware itself is located in data centers owned by Facebook around the world to protect from internet outages.
The system has been designed to ensure that no one besides an account owner can gain access to a backup, the head of WhatsApp, Will Cathcart, told The Verge.
He said the goal of letting people create simpler passwords is to make encrypted backups more accessible. WhatsApp will only know that a key exists in an HSM, not the key itself or the associated password to unlock it.
This move by WhatsApp comes as governments around the world like India, WhatsApp's largest market, are threatening to break the way that encryption works.
"We expect to get criticized by some for this. That's not new for us ... I believe strongly that governments should be pushing us to have more security and not do the opposite," Cathcart said.
This announcement by WhatsApp means that the app is going a step further than Apple, which encrypts iMessages but still holds the keys to encrypted backups; that means Apple can assist with recovery, but also that it can be compelled to hand the keys over to law enforcement.
As per The Verge, Cathcart said WhatsApp has been working on making encrypted backups a reality for the past couple of years, and that while they are opt-in to start, he hopes, over time, to "have this be the way it works for everyone."