Thought Using WhatsApp is Secure? This One Flaw Can Compromise All Your Messages
WhatsApp has been squarely billing itself as a secure messaging service to rival the likes of Telegram and Signal. However, it has been noted to sport significant privacy breaches, one of which has reportedly been unearthed recently. The issue in question is linked to the way WhatsApp for iOS backs up messages by default – which is set to iCloud Drive by default. According to a report, while WhatsApp offers you end-to-end encryption when you use it through the app, WhatsApp backups to iCloud Drive do not offer the same encryption standard. As a result, any security vulnerability in iCloud can potentially compromise all your secure chats.
The security breach in question has more implications than just your casual chats being compromised. What the Drive vulnerability represents is a security backdoor into the apparently failsafe end-to-end encryption, using which lawmakers can exploit the breach and gain access to personal conversations. Not using the same end-to-end encryption standard that WhatsApp uses to protect all messages means leaving a copy of your security key with Apple’s drive, and even though Apple has a general reputation for better protecting user privacy, it is by any means a clear breach of privacy for an app to take your data seriously, but leave entire copies of it unprotected.
Alongside this, WhatsApp’s apparent security oriented ‘disappearing messages’ feature has also been facing considerable criticism for a rather half baked implementation. To begin with, there are questions regarding how secure these disappearing messages would be, and if they would at all disappear if the messages are quote-replied to. Furthermore, these messages would get stored in your iCloud backup, should you make a copy of all your conversations just before deleting your messages. WhatsApp has also failed to impose screenshot restrictions on your messages, which is admittedly a complicated topic – but at any rate, the lack of a proper security protocol completely ruins the purpose of a disappearing message.
With these factors combined, WhatsApp’s security flaws are undoing the very essence of the end-to-end encryption feature that it so proudly flaunts against secure messaging rivals across platforms. Going forward, it remains to be seen how WhatsApp reacts to this, and the steps that it adapts to address such security concerns.