YASUYOSHI CHIBA/AFP/Getty Images

Update 09/05/2017: People backing-up WhatsApp conversations through iCloud will now benefit from the message encryption by default. First noticed by Forbes, the Facebook-owned messaging app added the protection to close a loophole in its security protections.

WhatsApp has confirmed the backed-up files are encrypted and it is believed the feature was introduced in late 2016 but wasn't spotted until now. This followed the introduction of end-to-end encryption for messages sent over its network earlier in the year.


Original story: 05/04/2017:

WhatsApp has turned on end-to-end encryption across all of its apps, the company has announced.

Read next The UK’s new lockdown rules (and local lockdowns) explained The UK’s new lockdown rules (and local lockdowns) explained

The Facebook-owned app, which has more than one billion monthly active users, has turned on the Signal Protocol, developed by Open Whisper Systems, by default. The open-source private messaging system, which has been supported by Edward Snowden, will protect group chats, attachments, voice notes, and voice calls made across WhatsApp on Android, iPhone, Windows devices and some Nokia and BlackBerry models.

The encryption method lets users see content that has been sent but does not allow service providers, such as WhatsApp itself, to access the content of the messages. "Starting today, users will see a notice in their conversation screen as their individual and group chats become end to end encrypted," Open Whisper Systems said in a blog post. "Additionally, the encryption status of any chat is visible under that chat's preferences screen."


WhatsApp's adoption of end-to-end encryption follows Apple's debate with the FBI over the unlocking of a terrorist's iPhone. During the dispute Jan Koum, WhatsApps' co-founder, said he supported Apple's position and admired its "efforts to protect user data". In March it was revealed WhatsApp had been targeted by court orders asking to access information it holds.

The Whisper blog explained there would still be unencrypted text on the WhatsApp network until everyone updated to the latest version of the software. When someone is using the end-to-end encrypted network, plain text will not be sent to them, even if they downgrade their software.

Whisper Systems


"Eventually all the pre-e2e capable clients will expire, at which point new versions of the software will no longer transmit or accept plaintext messages at all," Whisper said.

Users will also be able to verify their encrypted messages by scanning a QR code or reading a code aloud. This is to ensure messages are being sent and received by the correct users. The latest move means WhatsApp employees won't be able to access messages, even if they are ordered to do so by the courts.

According to reports, a team of 15 engineers from the company was involved in bringing end-to-end encryption to all WhatsApp users; and creating the fully-encrypted service didn't come without its challenges. Koum told WIRED US that the project had been in the works since 2014, with development nearly publicly announced in 2015 only for cross-platform compatibility problems to cause delays. "You need to build for a situation where somebody on Android can send a video to an S40 user. Or somebody on a Blackberry can send to a Windows phone," Koum said.