Yesterday it was reported that WhatsApp had announced its implementation of end-to-end encryption of its messages. This is still in its initial phase and has been enacted on Android only. It also hasn’t been extended to group messages, videos and photos.
This development is an improvement of the IM platform’s privacy protections and makes it extremely difficult for anyone and even the team at WhatsApp to read users’ messages. It is reportedly the largest deployment of end-to-end encryption ever.
How does it work?
With this new encryption format WhatsApp messages will travel all the way to the recipients’ device before being decrypted, as opposed to just being encrypted between the user’s device and the respective server from WhatsApp.
All this is being made possible by an integration with open-source software called Textsecure. This software was developed by Open Whisper Systems, a non-profit with a focus on tech privacy.
The software scrambles messages with a cryptographic key that can only be accessed by the user. It does not leave the user’s device. This integration of Textsecure has been going on for half a year. It apparently started just after Facebook snapped up WhatsApp early this year.
Does it affect me in a big way? Are there any more security/privacy surprises from WhatsApp?
WhatsApp users need not fear though. The change is nearly invisible and has already been initiated on Android for a week now.
According to Moxie Marlinspike, Open Whisper System’s creator, WhatsApp is set to add a feature which allows users to verify each others’ identities based on their cryptographic key. It is meant to act as a defense against man-in-the-middle attacks result in conversations being intercepted.