Whatsapp Enables Encryption for 1 Billion Users

Following the newest update, Whatsapp is now enabling end-to-end encryption for all solo as well as group chats. In fact, not just your messages, but your photos and videos also can’t be read by anyone else.

This is especially important after the Apple vs. FBI row over unlocking an iPhone belonging to a shooter. Now even Whatsapp employees can’t pry into your conversations let alone governments.

The encryption-focused update for the popular messaging app was first announced by Whatsapp co-founder Jan Koum on his Facebook page, stating that it took his team two years to perfect this feature.


Here’s How End-to-End Encryption Goes Live on Whatsapp

How Does It Work?

Whatsapp says that it is using the Signal Protocol (made by Open Whisper Systems) to power its privacy-focused feature.

According to a paper released by the company, here is how messages are encrypted:

Clients exchange messages that are protected with a Message Key using AES256 in CBC mode for encryption and HMAC-SHA256 for authentication. The Message Key changes for each message transmitted, and is ephemeral, such that the Message Key used to encrypt a message cannot be reconstructed from the session.”

This also applies to calls and large file attachments made over Whatsapp.

How to Enable it?

Whatsapp enables the encryption setting once you’ve upgraded to the current latest version. Also note that even your pals and other fellow chatterboxes should be on the new version to enjoy fully-encrypted chats.

As seen in the picture above, you and the other user receive a message saying that “Messages you send to this chat and calls are now secured with end-to-end encryption. Tap for more info.”

Clicking this message gives you more information on how it works. For verification, Whatsapp offers users a QR code which can be used by you and your fellow chatting buddy to check if the conversation is encrypted. You can see matching codes and a green tick confirms that the session is secure. If not, you’ll be greeted with a red-colored exclamation mark.

Currently there’s no option to turn off the feature.

An update like this was much needed in a post-Snowden world where governments and other organizations are after your data for various reasons. Words like privacy have all but lost their meaning, if not for measures such as these. However, Whatsapp may have enabled end-to-end encryption for chats but it can still see who you’ve sent the message to. Apparently we have ways to go if we want to be truly anonymous in the age of social media and the internet.

Samir is the Head of Entertainment at Lens by ProPakistani. You can reach out to him at samir.ya...

    • WhatsApp is a part of Facebook and their large user base is the fundamental key to earn revenues… Complex but real business model.

    • Whatsapp used to charge $0.99/user/year in the past, but they recently announced changes in how they’ll generate revenue. From the article in FT (from January):

      Jan Koum, co-founder and chief executive of the messaging app acquired by Facebook for $22bn in 2014, told the DLD technology conference in Munich that WhatsApp is scrapping the 99-cent annual fee it charges consumers after a year. He said the company would instead focus on making businesses pay to connect with its 900m users.

      [I]n a blogpost, the company said it will test tools to allow users to communicate with organisations on the platform. “That could mean communicating with your bank about whether a recent transaction was fraudulent, or with an airline about a delayed flight,” it said, adding that it wanted to find a way of doing this in a way that did not rely on advertising.

      [T]here would be strong demand from companies to use WhatsApp as a business channel, given its huge popularity with consumers. In the UK, the service accounts for 9 per cent of the total time that people spend in mobile apps, according to Forrester Research.

      “You can’t interact with your customers only though your own apps, you need to be where the consumers are,” Thomas Husson, analyst at Forrester Research said.

    • whatspp DB (chat+pic/audio/vid) with encrypted are still vulnerable. One can easily crack it by remote accessing the android. And yeah same goes for icrap.

      • So, if I were to give you a phone number of an Android WhatsApp user somewhere on the globe, you’re saying you can access their phone and read their WhatsApp messages?

        Can you do that? I don’t think you can.

    • Metadata is not encrypted, the message itself is. Why is this a surprise? For WhatsApp to send your message to other users, it has to know who you are, and who the other users are. There’s nothing in your excerpt that shows that WhatsApp can read the message.

  • Being a Security Specialist and CEH, all i can say is “oh the irony”

    MD5 breaking is a joke these days and sha 2 will soon be vulnerable. Its just a matter of time. Don’t you see Denovu breathing the last breaths.

    Every man made things has flaws, time proves itself.

  • Ltd feature videos

    Watch more at LTD