On March 31st, WhatsApp silently rolled out an update in which they introduced end-to-end encryption of users’ chat history. That means that WhatsApp is now fully protected and messages, videos, photos sent over WhatsApp can’t be accessed by anybody else but the user. This encryption is applicable on Group chats and WhatsApp calls as well.
Launching this feature, WhatsApp founders Jan Koum and Brian Acton wrote on the official blog that:
We’re proud to announce that we’ve completed a technological development that makes WhatsApp a leader in protecting your private communication: full end-to-end encryption. From now on when you and your contacts use the latest version of the app, every call you make, and every message, photo, video, file, and voice message you send, is end-to-end encrypted by default, including group chats.
The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us. End-to-end encryption helps make communication via WhatsApp private – sort of like a face-to-face conversation.
WhatsApp also released a White Paper explaining the process that takes place in order to provide end-to-end encryption to its users. The paper states that “clients exchange messages that are protected with a Message Key using AES256 in CBC mode for encryption and HMAC-SHA256 for authentication. The Message Key changes for each message transmitted, and is ephemeral, such that the Message Key used to encrypt a message cannot be reconstructed from the session.” It further confirms that attached files (multimedia, document etc.) and calls are also going to be encrypted.
But note one thing that this end-to-end encryption only works when your contact, whose chat you want to encrypt, also has the latest WhatsApp version otherwise you won’t be able to encrypt your messages with that particular person. If you have the recently updated version of app, and you start a chat with someone else (who also has the new version) you are likely to see a message saying, “Messages you send to this chat and calls are now secured with end-to-end encryption. Tap for more info.” On tapping you will see a popup explaining how this works and it will also give you an option to verify whether it works or not. When you choose to verify you will see a page with a QR code followed by a string of 60 numerical digits. Now take your friends phone, open the same page there you will see an option to scan the code. If the code matches then your chat is encrypted and if it doesn’t, it will show a red exclamation mark which means that your chat isn’t encrypted. So far we haven’t seen any failed verifications but if you encounter such issues then wait for some days as this update is still new so there might be certain bugs.