WhatsApp Adds End-to-End Encryption To One Billion Users

With a Warning FTC Approves WhatsApp, Facebook Union

Move over Apple, WhatsApp with one billion users takes center stage in encryption debate.

The world’s largest online communications company WhatsApp, with one billion users, announced Tuesday it added end-to-end encryption to its entire platform. The move is seen as a major win for security and privacy advocates. It also shifts the encryption spotlight away from Apple and its battle with the FBI and thrusts the Facebook-owned WhatsApp center stage.

Co-founders of WhatsApp, Brian Acton and Jan Koum, announced the move on the company’s blog Tuesday stating it has implemented end-to-end encryption across its entire network for all mobile platforms.

“From now on when you and your contacts use the latest version of the app, every call you make, and every message, photo, video, file, and voice message you send, is end-to-end encrypted by default, including group chats,” wrote Acton and Koum.

WhatsApp has been slowly adding encryption to its platform since 2013, but Tuesday marks the completion of the company’s efforts bringing end-to-end encryption to its entire user base. WhatsApp worked with Open Whisper Systems to develop the encryption technology and will use the not-for-profit hacker collective’s Signal Protocol for WhatsApp clients.

“Over the past year, we’ve been progressively rolling out Signal Protocol support for all WhatsApp communication across all WhatsApp clients. This includes chats, group chats, attachments, voice notes, and voice calls across Android, iPhone, Windows Phone, Nokia S40, Nokia S60, Blackberry, and BB10,” wrote Open Whisper Systems founder, Moxie Marlinspike.

In an email interview with Threatpost, Marlinspike said that the version of encryption WhatsApp is using will have no back doors – meaning that WhatsApp would not be able to decrypt communication.

“WhatsApp is using the Signal Protocol, a modern, open source, forward secure, strong encryption protocol for asynchronous messaging systems, designed by Open Whisper Systems,” Marlinspike told Threatpost.

WhatsApp users will need to update their WhatsApp client software to take advantage of the end-to-end encryption. To help draw awareness to encryption, WhatsApp said, users will be alerted to encryption status on messages swapped between users. WhatsApp users will also be notified when those that they are communicating with are using the latest client that contains the new encryption technology. WhatsApp, however, will not be able to shield information about who you are texting with.

“The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us,” wrote Acton and Koum.

WhatsApp’s end-to-end encryption stance comes on the heels of Apple’s battle with the FBI over access to an encrypted iPhone. The FBI put its court battle with Apple on ice on March 21. In February a federal magistrate ordered Apple to help the FBI access a phone belonging to one of the shooters involved in last December’s attack that killed 14 in San Bernardino, Calif.

WhatsApp is already in the hot seat over its encryption and will likely face further scrutiny inside and outside the US for its privacy stance. On March 1, Brazilian police arrested a Facebook’s vice president for Latin America because WhatsApp declined to help authorities provide messages sent by a criminal suspect.

Suggested articles