WhatsApp Offers End-to-End Encryption; Major Strike on Governments’ Surveillance Attempts?
Apparently, WhatsApp's most recent Android update carries a significant new feature, providing end-to-end encryption - something that no major texting app has offered as yet. This high level of WhatsApp encryption on Android devices comes thanks to TextSecure tool developed by Open Whisper Systems. The end-to-end encryption is enabled by default and essentially means that the messages transmitted between users would no longer be open to decryption at WhatsApp's end. Encryption is only available for private chats and not yet applicable on group chats or media messages. Along with adding more platforms, these will also be included in the upcoming roll outs.
The step is considered essential as WhatsApp carries the flag of being the foremost messaging app in the world. By featuring default encryption in the messages, WhatsApp is ensuring that messages are kept encrypted even if an attacker cracks the key in the future. This is ensured by the use of Open Whisper System's TextSecure protocol. TextSecure remains a popular tool for forward secrecy (new key for every new message), being a favorite in terms of security that it offers.
Default end-to-end Whatsapp encryption:
This new feature was first shared by a blog post on Open Whisper Systems sharing the details of the security mechanisms employed on the recently released update for Android. The feature will eventually also come to other platforms, however, no timeline is shared;
WhatsApp runs on an incredible number of mobile platforms, so full deployment will be an incremental process as we add TextSecure protocol support into each WhatsApp client platform. We have a ways to go until all mobile platforms are fully supported, but we are moving quickly towards a world where all WhatsApp users will get end-to-end encryption by default.
Other major apps, like Gmail and Facebook Chat also encrypt the messages, but not the end-to-end encryption, which is why the companies are able to hand over data to law enforcement when required. Apple's iMessage also claims to use end-to-end encryption, however, it doesn't offer forward secrecy which means if someone is able to crack a user's key, s/he can decrypt all the communications and not just the one message.
By adding the sender-to-receiver encryption, WhatsApp has taken its own servers out of this equation giving users a sense of both security and privacy in terms of surveillance and targeted attacks. However, a lot of bad PR that circulates Facebook keeps this encryption initiative under the radar too with users calling it to be a tactic by Facebook to promote users sharing more private data confidently. It is important to remember here that WhatsApp's founder Jan Koum popularly remained anti-government when it comes to surveillance. Koum's childhood was spent in 1980s' Soviet Ukraine under a totalitarian regime and he has promised at many instances that WhatsApp would never be the one to support government's snooping efforts.
Regardless of how secure this encryption remains in the coming future, it is quite a commendable effort as this is the largest deployment of end-to-end encryption ever giving hope to netizens that others too can adopt similar measures to keep user privacy at the forefront of tech development.