WhatsApp has rolled out full end-to-end encryption for all modes of communication, so every call you make, every message, photo, video, file, and voice message you send, is end-to-end encrypted by default, including group chats.
“Many messaging apps only encrypt messages between you and them, but WhatsApp’s end-to-end encryption ensures only you and the person you’re communicating with can read what is sent, and nobody in between, not even WhatsApp,†stated the company.
All messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. For added protection, every message you send has its own unique lock and key. All of this happens automatically: no need to turn on settings or set up special secret chats to secure your messages.
“The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us. End-to-end encryption helps make communication via WhatsApp private – sort of like a face-to-face conversation.”
WhatsApp users additionally have the option to verify the keys of the other users with whom they are communicating so that they are able to confirm that an unauthorized third party (or WhatsApp) has not initiated a man-in-the-middle attack. This can be done by scanning a QR code, or by comparing a 60-digit number. WhatsApp servers do not have access to the private keys of WhatsApp users.
It is worth pointing that there has been some confusion among users about the new QR code that comes with the encryption feature. Some users believe that it is necessary to scan the code in order to use the encryption. That, however, is not the case. Scanning the code is not a requirement to use the encryption. The feature is enabled automatically and is available to everyone.
The QR code and the 12×5 blocks of numbers displayed below are only made for verification that no third party is in between both receiving ends of the conversation. Users can scan the code and will see a green check mark verifying that both ends have the same decryption code, or a red one meaning that a third party is receiving messages of the conversation.
WhatsApp’s end-to-end encryption is developed in collaboration with Open Whisper Systems and those interested can read the technical explanation in the white paper here.
Regarding the new end-to-end encryption, WhatsApp co-founder and CEO Jan Koum said,
“Encryption is one of the most important tools governments, companies, and individuals have to promote safety and security in the new digital age. Recently there has been a lot of discussion about encrypted services and the work of law enforcement. While we recognize the important work of law enforcement in keeping people safe, efforts to weaken encryption risk exposing people’s information to abuse from cybercriminals, hackers, and rogue states.
While WhatsApp is among the few communication platforms to build full end-to-end encryption that is on by default for everything you do, we expect that it will ultimately represent the future of personal communication.
The desire to protect people’s private communication is one of the core beliefs we have at WhatsApp, and for me, it’s personal. I grew up in the USSR during communist rule and the fact that people couldn’t speak freely is one of the reasons my family moved to the United States.
Today more than a billion people are using WhatsApp to stay in touch with their friends and family all over the world. And now, every single one of those people can talk freely and securely on WhatsApp.”