Skip to main content

WhatsApp encryption makes it impossible for eavesdroppers

WhatsApp has implemented a new encryption system to protect messages sent by the 500 million users of the Android version of its app and make it neigh-on impossible for even the company itself to read messages.

The new end-to-end encryption system has been created in collaboration with Open Whisper System’s open source TextSecure software and it protects every message leaving a device by applying a cryptographic key that can only be accessed by the device owner.

“Whatsapp is integrating Textsecure into the most popular messaging app in the world, where people exchange billions of messages a day,” says Moxie Marlinspike, Open Whisper System creator told Wired. “I do think this is the largest deployment of end-to-end encryption ever.”

WhatsApp’s encryption differs from other systems that often only scramble messages as they travel from a device to the servers that then send the message on to the recipient.

The current version of TextSecure’s encryption for Android, only involves texts sent from one WhatsApp user to another and there are plans to add group, photo and video messages in the coming months. It also plans to bring it to new operating systems, such as Apple’s iOS, though it failed to give an accurate timescale on how long that will take.

TextSecure has been working on implementing the encryption ever since Facebook acquired WhatsApp in February for $22 billion [£14 billion] and it follows Apple’s decision to encrypt messages sent by iMessage.

The encryption used by iMessage doesn’t keep a record of the cryptographic keys connected to a certain user meaning that Apple can make up a new key the user is unaware of and intercept messages. Also, users could end up storing iMessages in iCloud and it doesn’t include the “forward secrecy” feature that creates a new key every time a message is sent.

Encryption has been criticised by government intelligence agencies around the world with the GCHQ boss Robert Hannigan describing US tech companies as a “command and control” network for terror groups.

Image Credit: Flickr (