WhatsApp Turns On End-To-End Encrypted Texts

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Fully encrypted Whatsapp messages a potential terrorist tool or just protection from GCHQ/NSA spying efforts?

Customers of WhatsApp, the hugely popular instant messaging app now owned by Facebook, can sleep easy that their text messages are finally secure.

The Android version of the popular mobile instant messaging app now comes equipped with end-to-end encryption, which should prevent any outside spying on the communications.

Encryption keyChequered Past

WhatsApp has a chequered past when it comes to security.

Earlier this year, a Dutch researcher warned that WhatsApp user chats on Android devices were highly vulnerable to theft because of an inherent flaw. Bas Bosschert warned that the flaw is caused by poorly secured encryption keys, as well as a design flaw within the Android OS itself.

Security concerns about WhatsApp have also been raised before. In October 2013 for example, a European researcher claimed that WhatsApp encryption did not work in a secure way and users should consider all their previous communications compromised.

However WhatsApp now seems to have tightened things up with full end-to-end encryption, at least for its Android users, as it seems Windows Phone and iOS users will have to wait. The encryption comes courtesy of Open Whisper Systems, the creator of the TextSecure encrypted text app, which was contracted to incorporate its technology into WhatsApp.

Unlike other encryption systems, which normally scramble the message only when it travels from the handset to the server, the TextSecure option keeps the encryption intact throughout a message’s journey from the sending handset to the receiving handset. This means that the message remains fully encrypted throughout its entire transmission, with no “in the clear” messages that can be intercepted by spy agencies.

“Today we’re excited to publicly announce a partnership with WhatsApp, the most popular messaging app in the world, to incorporate the TextSecure protocol into their clients and provide end-to-end encryption for their users by default,” blogged Open Whisper Systems.

“The most recent WhatsApp Android client release includes support for the TextSecure encryption protocol, and billions of encrypted messages are being exchanged daily,” it said, adding that TextSecure protocol support will be gradually added to other WhatsApp client platforms,

“The WhatsApp Android client does not yet support encrypted messaging for group chat or media messages, but we’ll be rolling out support for those next, in addition to support for more client platforms,” it said. “We’ll also be surfacing options for key verification in clients as the protocol integrations are completed.”

Terrorist Tool?

The development will likely trigger more concern among government spy agencies and law enforcement officials, who feel that the greater use of tough encryption makes it harder for them to track criminals and extremists.

The attraction of strong encryption techniques for those up to no good is clear. Syed Hussain for example, who was already serving time for helping to plot attacks against UK targets, got another four months earlier this year, when he refused to reveal the password for a USB stick the police and GCHQ were unable to crack.

WhatsApp is estimated to have 600 million monthly active users, and its users are said to produce billions of messages every day.

What do you know about Internet security? Find out with our quiz!