WhatsApp quietly encrypts iPhone messages backed up to iCloud

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

WhatsApp conversations backed up in Apple’s iCloud are now protected by encryption.

The messaging app reportedly introduced the security measure in 2016, but only confirmed the move this week.

It’s designed to protect the privacy of iPhone users, and should make it harder for government agencies to access their messages.

WhatsApp conversations are protected by end-to-end encryption, a technique that scrambles content and ensures that nobody but the sender and the intended recipient can decipher it.

“Many messaging apps only encrypt messages between you and them, but WhatsApp's end-to-end encryption ensures only you and the person you're communicating with can read what is sent, and nobody in between, not even WhatsApp,” explains the company.

“This is because your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. For added protection, every message you send has its own unique lock and key.”

However, before the update, WhatsApp conversations backed up by iPhone owners using iCloud were stored in readable form.

Though iCloud accounts are encrypted, cyber criminals and authorities could have potentially accessed a WhatsApp user’s private messages by hacking or issuing a court order to Apple, which hold the decryption keys.

That avenue is now blocked by a second layer of protection.

“When a user backs up their chats through WhatsApp to iCloud, the backup files are sent encrypted,” a WhatsApp spokesperson told Forbes.

The news emerged after a company called Oxygen Forensics claimed to be able to get around the security measure, though only if it has access to a SIM card with the same mobile number as that of the targeted user.

It’s a welcome piece of news for privacy advocates, considering the government’s recent attacks on encryption.

A draft document leaked last week revealed that the UK government is secretly planning to force technology companies to build backdoors into their products, to enable intelligence agencies to read people’s private messages.

The measures would enable government agencies to spy on one in 10,000 citizens – around 6,500 people – at any one time.