If you are a WhatsApp user and have been backing up your data on Google Drive, you are in for a nasty surprise. Because it turns out that none of this data is protected by WhatsApp’s end-to-end encryption.
WhatsApp was lauded when it introduced end-to-end encryption across its entire platform back in 2016. Since then, despite some setbacks, they have enjoyed a surge in users attracted by a widely used and yet secure messaging service.
The new deal between WhatsApp and Google
Using services like WhatsApp can see you building up large amounts of data in conversations, shared files and photos and so on. For a while now, WhatsApp has offered a Google Drive backup feature, which enabled users to save all this data to their cloud storage.
Up until now, this data counted against your Google Drive capacity, but a newly-announcement agreement between Google and Facebook (who own WhatsApp), which was revealed earlier this week, means that from November 12th, this will no longer be the case.
After that, WhatsApp users will be able to store as much data from the app to their Google Drive as they like, with none of it counting against their data limit.
That all sounds great and if you use both WhatsApp and Google Drive it seems like a no-brainer. Many WhatsApp users might have even been tempted to sign up for Google Drive just to take advantage of the offer.
But, as is so often the case, the devil is in the detail, and one small point, which has been somewhat hidden away, should now put many of them off.
Stored WhatsApp data is not encrypted
Because it turns out that none of the data that your back-up to Google Drive is not protected by WhatsApp’s end-to-end encryption.
Neither WhatsApp nor Google saw fit to explicitly state this in their announcement or indeed any of the main web pages promoting the new agreement. Instead, it has come to light in an update on a WhatsApp help page.
Hidden half-way down this FAQ page is a small section which states, “Important: Media and messages you back up aren’t protected by WhatsApp end-to-end encryption while in Google Drive.”
Why does this matter? Well, if you use WhatsApp to ensure that private messages, possibly containing sensitive information, are secure, it rather defeats the objective if that data is then being stored, without that end-to-end protection, on a cloud storage server.
It essentially means that WhatsApp is only as secure as Google Drive. And while they do offer some security, it is nowhere near as robust as the end-to-end security of WhatsApp.
Google Drive does encrypt files on the server side. However, unlike WhatsApp’s end-to-end encryption, they hold the keys to this encryption and are therefore able to unlock and access your data if they choose to do so.
This means that, should they receive a demand from law enforcement or government agents, they would be willing and able to hand over the contents of your WhatsApp conversations.
Given the pressure that services like WhatsApp have come under to break their encryption by various governments around the world, some conspiracy theorists might look upon this as a clever attempt to comply with these demands.
How to keep your WhatsApp data encrypted and secure
But fortunately for WhatsApp users, they still retain the power to control their own data. After all, the Google drive back-up feature is not compulsory.
Users can choose not to sign up for. And if they already have, they can switch it off easily by going to Options > Chats > Chat Backup and changing the setting. Once data has not been backed up for more than a year, it is automatically deleted by Google Drive.
If you still want to back up onto Google drive, you do have to trust Google not to access their data. But you can also tweak a few settings to make it much less likely that your Google drive can be hacked.
Ensure that your Google Drive is protected with a strong password and then enable the two-factor authentication feature. Google claims that once you have done this, it is almost impossible to hack into Google Drive.
But our recommendation would be to not take the risk with Google Drive. The way this announcement has been made is extremely disingenuous and has to raise questions about the motivations of both Google and WhatsApp.
If you absolutely have to back up your WhatsApp conversations, we would suggest backing up onto an encrypted hard drive, which allows you to retain total control of who has access to your private WhatsApp conversations, shared files, and data.