WhatsApp, the popular messaging service purchased by Facebook in February for $600 million, is about to get a major security upgrade. The app will have end-to-end encryption, meaning the contents of messages sent between users will be visible only to those users. The company won’t be able to see the data, and neither will Facebook. That means hackers can’t steal messages, and WhatsApp can’t turn data over to law enforcement – even if ordered to.
In order to provide this encryption, WhatsApp is partnering with Open Whisper Systems, a consortium of security developers and open-source coders, the company announced in a blog post on Tuesday.
The two companies have been working together for about six months – since just after Facebook bought WhatsApp – to bring strong encryption to all of the platforms on which WhatsApp runs. End-to-end encryption is turned on by default in the latest WhatsApp update for Android, and it will soon be available in the iOS client as well. Open Whisper Systems says it is “moving quickly towards a world where all WhatsApp users will get end-to-end encryption by default.”
WhatsApp users shouldn’t notice a change – the encryption will take place behind the scenes, without requiring any additional steps from the user. (In fact, the WhatsApp client for Android has already been silently encrypting users’ messages for the past week.) Moxie Marlinspike, the head of Open Whisper Systems, told Andy Greenberg at Wired that “ordinary users won’t know the difference ... It’s totally frictionless.”
The encryption relies on Open Whisper Systems’ TextSecure software, which uses a cryptographic key to encode the content of messages. The key is accessible only to the users involved in the conversation, and never leaves the phone or tablet being used to chat. Crucially, messages are encrypted all the way from one device to another (rather than being decrypted on WhatsApp’s servers). Right now, only individual chats are protected, but Open Whisper Systems says the new encryption scheme will soon be extended to cover group chats, photos, and media messages, as well.
Jan Koum, the company’s founder, says he has always been opposed to government eavesdropping. Mr. Koum, who grew up in the Soviet Union, told Wired UK in February that he hates government surveillance and that one of WhatsApp’s goals is to protect freedom of speech.
There are other encrypted messaging apps out there, such as Cryptochat, Silent Text, and Apple’s iMessage service, but WhatsApp will be the biggest once the updates are completed. If the partnership between Open Whisper Systems and WhatsApp is successful, all 600 million users of the service should be able to enjoy secure communications soon.