WhatsApp is the world’s leading messenger—with two billion users sending 100 billion messages each day, no other platform comes close. WhatsApp built its userbase by offering a secure alternative to SMS, and it did more than any other app to popularize end-to-end encryption. On the surface, security remains central to the WhatsApp proposition. “Privacy and security are in our DNA,” it says. Delve beneath those marketing messages, though, and that mantle is slipping: WhatsApp is not as secure as you might think.
Nowhere is this more evident than for new iPhone 12 users right now. When you come to move your WhatsApp account from your old device to your new one, you’ll be directed to use WhatsApp’s iCloud backup option to transfer your message history, media and settings. But those backups are not protected by WhatsApp’s end-to-end encryption; they are protected only by iCloud’s own encryption, for which Apple holds the keys. It’s a serious privacy and security weakness, and one that rivals iMessage and Signal have addressed.
In reality, the risk you run using this backup option is that you’ve handed Apple a key to your message content. That defeats the purpose of end-to-end encryption: Apple can decrypt the backup, which means your supposedly secure content can be provided to law enforcement on a valid legal request. You can see whether this applies to you under Settings > Chats > Chat Backup in WhatsApp. It’s a genuine risk, albeit one that is unlikely to impact more than a small number of users. There’s a more serious risk, though, buried in WhatsApp’s settings. And this is one you need to do something about.
The irony here is that this weakness was neatly highlighted by the latest security enhancement launched by WhatsApp. I first reported on the development of “disappearing messages” earlier this year—users can elect to automatically delete messages in any 1:1 chat, and in groups where they have admin rights. That feature is now rolling out. Pitched as a security and privacy fix, it’s not really anything of the sort. While it may give some comfort to users that content won’t come back to haunt them, there are plenty of caveats.
If users reply to a “disappearing message” or forward it elsewhere, the original text will be quoted in the reply or copied into the other chat, and that copy will not be deleted. Any backup taken before a message disappears will include it, albeit the message will be removed when the backup is restored. And there is obviously nothing to stop recipients screenshotting messages. Originally, it seemed that WhatsApp would offer a choice of expiry period for disappearing messages—from as little as an hour to as much as a year. Instead, the feature has launched with a single, fixed seven-day timer. A shorter window would have offered better protection. By way of example, uber-secure Signal offers to autodelete after as little as five seconds.