How secure is your data on WhatsApp? Well, we answer all the top questions related to your privacy on the world’s most popular messaging application.
What is end-to-end encryption? Why should it matter to you?
WhatsApp’s end-to-end encryption feature essentially ensures that only the sender and receiver can read what has been sent. This means nobody in between, including WhatsApp, can read the message transmitted.
Basically, two keys, public and private, are generated when a user opens WhatsApp for the first time. The encryption process takes place on your smartphone. The private key remains with the user on the phone whereas the public key is transmitted through the server to the receiver. Then the public key encrypts the sender’s message on the phone even before it reaches the server.
WhatsApp says the server is only used to transmit the encrypted message. Only the receiver’s private key can unlock the message. No third party including WhatsApp can read the message.
“End-to-end encryption offers two important solutions: 1. No one, whether a hacker, a relative, the government or the application provider (WhatsApp) itself, can jack into your communications. 2. Even if the application provider’s (Whatsapp) server gets hacked, hackers will not be able to read the customers’ chats as each user’s chats are encrypted with different keys,” said Ankush Johar, Director at HumanFirewall.io, a human information security awareness and preparedness solutions provider.
WhatsApp has more than 200 million users in India. (WhatsApp)
Is your back-up data secured?
WhatsApp points out that the users are primarily responsible for their privacy when they choose to backup their data on iCloud or Google Drive.
“Basically, users have the ownership of their messages. When you perform a backup of your messages to third-party services, the data is not then on WhatsApp servers. We cannot read those messages. Backed up data are encrypted in transit including on iOS or Android, but it’s not end-to-end,” said Alan Kao, a Software Engineer at WhatsApp while addressing a Q&A session with the media on Monday. He also pointed out that Google and Apple take users’ privacy very seriously.
Should you use third-party apps to customise WhatsApp?
Many users like to use third-party apps to customise WhatsApp themes, icons and even font. These third-party apps give the monotonous WhatsApp a makeover, but it’s far from safe. A lot of users use third-party keyboard apps as well.
“We do take down third-party apps that pretend to be the official WhatsApp. In general, we recommend our users not to use third-party apps for WhatsApp as they compromise privacy and security,” Alan said.
On asked whether a third-party app can give access to someone else, Alan replied that it depends on the operating system. “If you’re using a third-party app that claims to change or modify WhatsApp’s Settings, you’re definitely putting your privacy at risk,” he said.
“One of the key points we’re trying to make is that the phone does the work to decrypt the message so it’s very important that user keep in mind about the security of their phone and know what is installed outside WhatsApp. Because, the messages cannot be read by anyone in transit but the phone has to be protected as well,” he noted.
WhatsApp has more than 200 million users in India. (WhatsApp)
On the issue of possible misuse or hacking through third-party keyboard apps, the WhatsApp engineer said that if a user has installed a keyboard app, which could potentially be vulnerable to hacking, WhatsApp cannot do much to protect the data. He further stressed that users’ messages are encrypted in the transit. That’s why it’s very important to use trusted applications, he added.
Ankush explains, “With the rise of WhatsApp came a lot of third-party applications like Whatsapp+ that gave WhatAapp users additional functionalities like hiding their “last seen”, tracking users when they are online, change fonts & wallpapers and much more.”
“The apps were distributed as modified versions of the WhatsApp APK (Android Package format used for installing apps manually) on 3rd party app stores.
