WhatsApp completes end-to-end encryption rollout. Company is updating its messaging app so that every text message and voice call will be encrypted for the company’s one billion users. Yes, Whatsapp has finally implemented full end-to-end encryption, as promised a year ago. From now every message, image or voice call you made will be secured by end-to-end encryption so that only you and the person you’re communicating with can read the content of the message, and nobody in between, not even WhatsApp. If government forces or compel to decrypt the message, WhatsApp Wont be able to decrypt it. W.E.F April 05 2016, you will see a notification on your WhatsApp conversation screen as your messenger becomes end-to-end encrypted.
What is end-to-end encryption and how exactly does it work in WhatsApp?
End-to-end encryption means the content of communications are not stored in plaintext on WhatsApp’s servers. Nor is the company able to decrypt users’ messages to access them since it does not hold the encryption keys. So WhatsApp will be unable to be compelled to hand over messaging data — even if served with a warrant by authorities demanding access.
WhatsApp is using “The Signal Protocol”, designed by Open Whisper Systems, for its encryption. In its White Paper, explaining the technical details of the end-to-end encryption, WhatsApp says that “once the session is established, clients do not need to rebuild a new session with each other until the existing session state is lost through an external event such as an app reinstall or device change.” The paper explains how messages are encrypted as well. It reads, “clients exchange messages that are protected with a Message Key using AES256 in CBC mode for encryption and HMAC-SHA256 for authentication. The Message Key changes for each message transmitted, and is ephemeral, such that the Message Key used to encrypt a message cannot be reconstructed from the session.” It also says that calls, large file attachments are end-to-end encrypted as well. Note that the ever-changing message key can mean a delay in some messages getting delivered, according to the paper. It should be noted that feature is enabled by default in WhatsApp, which means that if you and your friends are on the latest version of the app, all chats will be end-to-end encrypted. Unlike say Telegram where users have to start a secret chat to enable the feature, WhatsApp has the feature on at all times. Users don’t have the option of switching off end-to-end encryption. Users need to be on the same versions of WhatsApp to ensure that their chats get end-to-end encrypted. If you’ve recently updated the app, and you start a chat with someone else (also on the new version) you are likely to see a message saying, “Messages you send to this chat and calls are now secured with end-to-end encryption. Tap for more info.”
WhatsApp co-founder Jan Koum announced the update on his Facebook page, stating that the company has been working on the feature for the last two years. Koum wrote, “We’ve been working for the past two years to give people better security over their conversations on WhatsApp… People deserve security. It makes it possible for us to connect with our loved ones. It gives us the confidence to speak our minds. It allows us to communicate sensitive information with colleagues, friends, and others. We’re glad to do our part in keeping people’s information out of the hands of hackers and cyber-criminals.”
However, there is one point to be noted-“if several users are sending texts in a group chat and one of the users is running an older version of WhatsApp that doesn’t support encrypted messages, all the conversation going through that group chat will remain unencrypted”.