7

WhatsApp has end-to-end encryption, promising privacy to users.

However, it becomes useless if backups to Google Drive are unencrypted. Our supposedly private data goes to the control of Google.

No problem, I can disable the backup. But, what about all the people I talk to? Google still holds most of my conversations, unencrypted.

This seems to be a useless/tricking/lying design, done in purpose to ensure they keep control of the users. (and keep in mind that Whatsapp reminds me MANY times to enable the Backup)

I understand that as soon as I send a message to another person, they can take screenshots, show to other people, etc. I understand that risk. However, not encrypting backups just makes it way easier for the messages to be even more exposed.

Question is - I'm sure WhatsApp could encrypt backups to Google if they wanted (e.g. require a passphrase to users, or at least have that option and recommend users to use it). Why does WhatsApp not do that?

Messages and media backed up in Google Drive are not protected by WhatsApp end-to-end encryption.

"Messages and media backed up in Google Drive are not protected by WhatsApp end-to-end encryption."

EDIT - This is not a duplicate of Does backing up WhatsApp on Google Drive expose messages?

I'm asking WHY WhatsApp doesn't implement backup encryption. I already know that backing up to Google Drive exposes messages, so it's not the same question.

Nuno
  • 215
  • 2
  • 7
  • 1
    Based on https://security.stackexchange.com/questions/136072/how-can-whatsapp-restore-local-or-google-drive-backups?rq=1 , messages are encrypted when saved to Google Drive. Do you have evidence that this has changed over the past 3 years? (I admit it's possible however unlikely, but I would be worried if they did because it's an intentional downgrade of security, rather than just being negligent.) – Ghedipunk Jun 18 '19 at 22:33
  • @Ghedipunk - the evidence is in the screenshot I posted, which says "Messages and media backed up in Google Drive **are not protected by WhatsApp end-to-end encryption**." – Nuno Jun 19 '19 at 07:03
  • 4
    Also, WhatsApp can restore the backup on a new device, which means either it's not encrypted or WhatsApp itself has the key, which defeats the purpose anyway. – Nuno Jun 19 '19 at 07:05
  • 1
    Possible duplicate of [Does backing up WhatsApp on Google Drive expose messages?](https://security.stackexchange.com/questions/163152/does-backing-up-whatsapp-on-google-drive-expose-messages) –  Jun 19 '19 at 09:34
  • @Ian - How is that a duplicate? I'm asking WHY WhatsApp doesn't implement backup encryption. I already know that backing up to Google Drive exposes messages, so it's not the same question... Can you please remove the duplicate banner? Thanks. – Nuno Jun 19 '19 at 09:37
  • 1
    Stupid edit function. I had this to add: We cannot possibly answer the 'Why' question, as that's a matter for the commercial agreement between Google and FB (and there was an agreement for whatsapp backups to not count to your GoogleDrive Quota in 2018). Imagine Google potentially would not have agreed to that if Whatsapp allowed a separate encryption key. I still think it's a duplicate; an actual answer is impossible, we will never know. If you're really that bothered, use Signal. –  Jun 19 '19 at 09:37
  • 1
    "not end-to-end encrypted" does not mean "not encrypted at all" –  Jun 19 '19 at 12:18
  • @MechMK1 If WhatsApp is able to restore the backup when we get a new phone, then it means that they hold the key. So, it defeats the purpose of being "encrypted" (if it's even encrypted). – Nuno Jun 19 '19 at 12:48
  • The App knows the content of your messages, because it has to display it to you. –  Jun 19 '19 at 18:13
  • Yes, but the app shouldn't be able to decrypt the backup unless I provide a passphrase. If I don't have to provide a passphrase, it means Facebook or Google hold the key. This is basic encryption understanding. – Nuno Jun 19 '19 at 20:34

4 Answers4

5

'Why does Google not encrypt your Whatsapp messages'?

As mentioned briefly in the comment above, it is something that we will never really know, unless privy to the agreements between FB and Google.

We can speculate though:

Google makes it's money from data and information. The more information it gathers, the more opportunities it has to make money. Very similar business model to FB in that respect.

Google can also comply with court orders to turn over information if asked. If they used zero-knowledge encryption, they would not be able to do that. I imagine that would make LE very unhappy.

An actual answer is impossible, I'm afraid. If you want to be sure your messages are not copied, or used for marketing or whatever, install Signal and encourage all of your friends to do so. Good luck. It's an uphill battle to fight the inertia of WhatsApp!

  • Yeah. I've already stopped using Skype and FB Messenger with everyone, because these hold everything in their servers. I was trusting WhatsApp, but obviously I cannot anymore. I'm using self-hosted Matrix/Riot with some people already. Signal is something I'll be considering as well (I didn't consider before, since none of my friends use it). People need to become more aware of privacy. – Nuno Jun 19 '19 at 09:58
  • Good call recommending Signal, for those who are wary of Signal's continued credentials, I would also recommend Threema for absolute top notch (as far as possible with a third party) encryption of your data. – Martin Sep 24 '20 at 15:42
2

Do not confuse end-to-end encryption with the generic idea of encryption.

Encryption: you make the contents of a file visible to a restricted audience, probably including yourself

End-to-end encryption: you create a scheme so that other people having conversations will encrypt messages each other but you make yourself, the owner of the schema, unable to decrypt them even under threat or legal warrant.

One peculiarity of the end to end encryption in messaging applications is that if you lose/brick/format/break your device you are unable to decrypt new messages, as you must generate and distribute new keys. This property would make backups useless if retained.

That is why you must give up e2e encryption. I am not saying that you give up encryption. Theoretically, WhatsApp Inc. (Facebook Inc.) can implement an encryption scheme so that backups are encrypted using a key they own, and Google Inc. cannot read data. That would make Facebook Inc. again vulnerable to court orders to surrender the secret keys to read backups.

usr-local-ΕΨΗΕΛΩΝ
  • 5,310
  • 2
  • 17
  • 35
  • Like I said, WhatsApp could ask users to input a passphrase for backups, rather than Facebook owning the passphrase. I'm not confusing e2e with generic encryption. I know the difference well. That was not my question. – Nuno Jun 19 '19 at 07:26
  • 2
    @Nuno, your question asks why they don't have _any_ encryption at all, though. They do have encryption; it's just not secured in a way that meets your needs and standards, since they're generating the key themselves and keeping it on their servers. While it's most definitely your duty to evaluate whether WhatsApp's storage of your messages at rest meets your standards, it's also right to do what this answer does: point out that, while they may not meet your standards, the messages are encrypted at rest contrary to what your question claims. – Ghedipunk Jun 19 '19 at 16:01
1

WhatsApp does encrypt chat backups before storing them to Google Drive. But they are not encrypted using Signal's end-to-end encryption protocol. Signal protocol is not designed to encrypt data at rest. It is designed to encrypt messages in transit. WhatsApp chat backup msgstore.db.crypt12 is a sqlite database file which is encrypted using AES-GCM-256. This file is then uploaded to Google Drive.

Media attachments are not stored within chat backup. Chat backups only store their file name, timestamp, size of attachment, type of media, thumbnail and forwarded count. Media elements are stored unencrypted locally and on Google Drive.

See How does WhatsApp encrypt chat backups

defalt
  • 6,231
  • 2
  • 22
  • 37
-1

Reasons i can think of:

  1. Usability: if the backups are encrypted, the user has to store a password. And it has to be a good one, so you cant really let the user choose it either. That means most of the users wont even be able to access their own backups. Thats just how it is.

  2. Its on purpose: so that most messages can be accessed by the NSA.

I guess its the latter. Whatsapp is now introducing self-destructing messages, but only for group chats What i will do is: Only use group chats, even in 1:1 chats. Then set self-destruction time.

They could also just make an option to opt-out of backups, so that chats with you arent included in other peoples backups. But they dont.

MartinS84
  • 1