WhatsApp Makes End-to-End Encryption the Default

By Kimberlee Morrison 


Whatsapp has received some criticism in the past over its security infrastructure, but CEO Jan Koum has always maintained that the service is dedicated to security and user privacy. Now, Whatsapp is making good on its promise by implementing strong end-to-end encryption.

The encryption method is based on the encryption code behind TextSecure and Redphone, which are apps that replace the default Android phone dialer and text-messaging service. The encryption for these systems was designed by OpenWhisper’s CTO Moxie Marlinspike, who has apparently been working with Whatsapp on this development since it was acquired by Facebook.

The security protocols provide end-to-end encryption, which means the only people who can see unscrambled messages are the end users. The system also uses “perfect forward secrecy,” which means not even Whatsapp could decode the messages if it tried, because each communication generates a new encryption key.

This technology has been switched on by default in the latest Android app update, so users don’t need to do anything to begin communicating securely. Users have repeatedly shown that even if they’re aware of security protocols, the barrier to use prevents them from acting in their best interests. By switching the encryption on by default, people are protected without even checking a box.

Whatsapp users are now protected against a large number of data mining and theft techniques. Other companies have been working on this kind of encryption for a long time, but Whatsapp is the first to bring it to a social networking platform with a large user base.

By providing this type of technology to users, without asking users to understand it, Whatsapp may show the industry just how secure it can become. This move could also show how to exclude the NSA and other agencies that wish to access customer data. While Apple’s iMessage also offers end-to-end encryption, the software Whatsapp is using is reportedly much stronger.

It’s another development that further proves that 2014 has been the year of cybersecurity.