When sending a message between users via the platform one person’s phone sets up an encryption while the other holds the key to the sent message
WhatsApp has warned its users that if they back up their messages on Google Drive they will no longer be subject to the WhatsApp encryption process and messages could be potentially read by anyone.
The Facebook owned freeware voice and messaging service offers its users end-to-end encryption, partly constructed using the security protocol developed by Open Whisper Systems the developers of the secure messaging app Signal.
At the start of last month Google and WhatsApp finished negotiations that allow android users to store their WhatsApp data on Google Drive without having it count towards the storage limit on their Google Drive.
Unfortunately WhatsApp have informed their users that if they do choose to use the drive, then the end-to-end encryption the platform offers will no longer be applicable to said data.
When sending a message between users via the platform one person’s phone sets up an encryption while the other holds the key to the sent message.
However, once the message leaves the platform or your device, for example to be saved in a cloud, it is no longer part of the end-to-end encryption process and is in a readable format.
Given how WhatsApp’s encryption process works it seems like the company has included a ‘don’t give out to us if it goes wrong’ warning in their recently updated FAQ on Google Drive which states: “Important: Media and messages you back up aren’t protected by WhatsApp end-to-end encryption while in Google Drive.”
If you are using WhatsApp’s service for non data sensitive messaging then utilising this deal with Google Drive is a good way to have reassurance that all your chats and data are recoverable in the event of phone loss.
Some companies have banned their employees using the platform as they believe that it is too risky a service given the recent privacy rules and GDPR regulations that have been rolled out by the European Union.
Car industry supplier Continental has told its employees that they should no longer use the service for work stating that: “In the company’s opinion, these services have deficiencies when it comes to data protection, as they access a users’ personal and potentially confidential data such as contacts, and thus the information of third parties who are not involved.”
“In the case of WhatsApp, access to the contact list cannot be restricted. The responsibility for complying with data-protection laws is therefore shifted onto the users of this app.
Continental’s CEO Dr. Elmar Degenhart, adding to the statement that: “We think it is unacceptable to transfer to users the responsibility of complying with data protection laws. This is why we are turning to secure alternatives.”
Morten Brogger CEO of Wire an end-to-end encrypted messenger service and competitor to WhatsApp commented in an emailed statement that: “Given how much sensitive data employees share over WhatsApp it’s very simple – it should not be used by businesses full stop.”
“Sensitive information backed up without the protection of end-to-end encryption is clearly not just privy to WhatsApp and it’s owner Facebook, and to Google, it is also available for governmental entities, hackers and anyone with sufficient skills and time. Any company using WhatsApp for business use is jeopardising compliance with GDPR.”
Computer Business Review Contacted WhatsApp in relation to this story but received no reply.