WhatsApp announced on Friday it will be offering its users end-to-end encrypted backups later this year.
Users will have a choice for how the encryption key used is stored.
The simplest is for users to keep a record of the random 64-digit key themselves, akin to how Signal handles backups, which they would need to re-enter to restore a backup.
The alternative would be for the random key to be stored in WhatsApp’s infrastructure, dubbed as a hardware security module-based (HSM) Backup Key Vault that would be accessible via a user-created password.
“The password is unknown to WhatsApp, the user’s mobile device cloud partners, or any third party. The key is stored in the HSM Backup Key Vault to allow the user to recover the key in the event the device is lost or stolen,” the company said in a white paper [PDF].
“The HSM Backup Key Vault is responsible for enforcing password verification attempts and rendering the key permanently inaccessible after a certain number of unsuccessful attempts to access it. These security measures provide protection against brute force attempts to retrieve the key.”
For redundancy purposes, WhatsApp said the key would be distributed through multiple data centres that operate on a consensus model.
WhatsApp said it would only know that a key exists in its vault, and would not know the key itself.
The backups would store message text, as well as photos and videos received, WhatsApp said.
“The backups themselves are generated on the client as data files which are encrypted using symmetric encryption with the locally generated key,” the Facebook-owned company said.
“After a backup is encrypted, it is stored in the third party storage (for example iCloud or Google Drive). Because the backups are encrypted with a key not known to Google or Apple, the cloud provider is incapable of reading them.”
Earlier this year, WhatsApp delayed enforcing a take-it-or-leave-it update to its privacy terms until May.
WhatsApp originally presented users with a prompt to accept its new privacy terms by February 8, or risk not being able to use the app. In the wording used, WhatsApp said the policy would change how it partnered with Facebook to “offer integrations”, and that businesses could have used Facebook services to manage WhatsApp chats.
By June, WhatsApp eventually dumped its update plans.