Understanding WhatsApp and its end-to-end encryption for privacy, security

WhatsApp is one of the most commonly used instant messaging service, with a global user base of more than two billion. This Facebook-owned platform has around 400 million users in India, and that makes the country one of its biggest markets. Once a basic messaging platform, WhatsApp now supports video calling, file sharing, voice messages, etc, and boasts end-to-end encryption for privacy.

One of WhatsApp’s key features is end-to-end encryption, which means the messages sent using WhatsApp are visible only to the sender and receiver of the message. On paper, WhatsApp seems to be a secure instant messaging platform with privacy at its core. However, the recent incidents where chat details of several Bollywood personalities have allegedly been leaked have brought back questions around WhatsApp’s privacy and security.

What is end-to-end encryption?

Encryption is the process by which a piece of information is scrambled and randomised using mathematical formula such that it could be deciphered only by the device it is meant for. Encryption is done using an algorithm that transforms data into random text with no meaning. This encrypted data is secured by an encryption key which unlocks the coded data and turns it back into its original form. In an end-to-end encryption, the data is encrypted on the host device and it turns back to its original form on the recipient device through an encryption key. The process works in the background, so both the sender and receiver see the information in its original form. The end-to-end encryption makes it impossible for anyone other than the sender and the receiver to read or access the data.

WhatsApp’s end-to-end encryption

WhatsApp enforced end-to-end encryption on its platform in 2016. The company had said in a blogpost: “From now on when you and your contacts use the latest version of the app, every call you make, and every message, photo, video, file, and voice message you send, is end-to-end encrypted by default, including group chats.”

WhatsApp's end-to-end encryption is activated by default. According to a WhatsApp blogpost, “WhatsApp's end-to-end encryption ensures only you and the person you're communicating with can read what is sent, and nobody in between, not even WhatsApp. This is because your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. For added protection, every message you send has its own unique lock and key. All of this happens automatically: no need to turn on settings or set up special secret chats to secure your messages.”

Is WhatsApp’s end-to-end encryption secure

Though the chats and calls on WhatsApp are secured by the means of end-to-end encryption, there have been anomalies in its app in the past that have led to breach of system. In 2019, Israel-based NSO Group allegedly exploited a vulnerability in the app to load spyware on to a phone through a video call using a spyware software named Pegasus. It was reported that the tool had the potential to allow hackers to load spyware through video call, even if the person never answered the call. WhatsApp had filed a lawsuit against the Israeli firm, alleging it was behind the cyber-attacks.