WhatsApp Security: End-to-End Encryption

The term ‘end-to-end encryption’ (E2EE) has entered mainstream usage and is no longer restricted to geeks, thanks to WhatsApp, which has made it popular and brought it to over a billion users worldwide. It has become part of our day-to-day digital life because it is the definitive protection system for our personal data (messages, etc.), ensuring that only the sender and the receiver can read it. No one else can snoop on and read the encrypted data, including hackers or the police.

Privacy and security are in our DNA, which is why the encryption is end-to-end. Your notes, images, videos, voice messages, documents, status updates, and calls are protected from falling into the wrong hands when they are encrypted end to end.

End-to-end encryption from WhatsApp means that only you and the person you’re talking with can read what’s being sent, and no one in between, not even WhatsApp. Your messages are secured with locks, and only you and the receiver have the special keys to open and read your messages. Every message you send comes with a unique lock and key for added security. This all happens automatically: there is no need to turn on settings or set up special hidden chats to encrypt your messages.

Important: End-to-end encryption is always activated. There’s no way to turn off end-to-end encryption.


Security by Default

WhatsApp’s end-to-end encryption is available when you and the people you message use our app. Many messaging apps encrypt only messages between you and them, but the end-to-end encryption of WhatsApp means that only you and the person you’re interacting with can read what’s being sent, and no one in between, not even WhatsApp.

This is because your messages are secured with a lock, and only you and the receiver have the special key needed to open and read them. Each message you send comes with its own unique lock and key for added security. All this happens automatically: there’s no need to turn on settings or set up special hidden chats to protect messages.

Speak Freely

WhatsApp Calling lets you communicate with your friends and family, even if they’re in a different world. Like your messages, WhatsApp calls are encrypted end-to-end so that WhatsApp and third parties are unable to listen.

Messages that Stay with You

Your messages stay in your pocket. That’s why, once we send them, WhatsApp does not store the messages on our servers, and end-to-end encryption means that WhatsApp and third parties cannot read them anyway.

Get the Details

Read a detailed technical overview of the end-to-end encryption of WhatsApp, developed in collaboration with Open Whisper Systems.

How does end-to-end encryption work?

WhatsApp’s end-to-end encryption means that what is sent can only be read by you and the person you communicate with. No one in between, not even WhatsApp, can read the messages. Messages are encrypted, and only the recipient has the special key to open and read them. WhatsApp uses the Signal Protocol, developed by Open Whisper Systems.

The steps below explain how E2EE works when two people interact on WhatsApp.

  1. When the user first opens WhatsApp, two different keys are created (public and private). The encryption process takes place on the phone itself.
  2. The private key stays with the recipient, while the central WhatsApp server passes the public key to the receiver.
  3. The public key encrypts the sender’s message on the phone, just before it reaches the centralized server.
  4. The server is used only to relay the encrypted message. The message can be opened only with the receiver’s private key. No third party, including WhatsApp, can intercept and read the message.
  5. When a hacker tries to access and read the messages, the encryption will cause them to fail.

What is the “Verify Security Code” screen on the contact info panel?

Each of your chats has its own security code, used to verify that your calls and the messages you send to that chat are end-to-end encrypted.

Note: The verification process is optional and will only be used to ensure that the messages you send are encrypted from end to end.

This code appears both as a QR code and as a 60-digit number on the contact info screen. These codes are unique to each chat, and can be compared between the people in each chat to verify that the messages you send to the chat are end-to-end encrypted. Security codes are just visible versions of the special key shared between you, and don’t worry, it’s not the actual key itself, which is always kept secret.

To verify that a chat is end-to-end encrypted:
1. Open the chat.
2. Tap on the name of the contact to open the contact info screen.
3. Tap Encryption to view the QR code and 60-digit number.


If you and your contact are physically next to each other, one of you can scan the QR code of the other, or you can compare the 60-digit number visually. When you scan the QR code and the result is exactly the same, a green check mark appears. Because the codes match, you can be sure that no one is intercepting your texts or calls.

If the codes don’t match, you are probably scanning a different contact’s code, or another phone number. If your contact has reinstalled WhatsApp or changed phones recently, we recommend that you refresh the code by sending them a new message and scanning the code afterwards.

If you and your contact are not physically close to one another, you can give them the 60-digit number. Let your contact know that, once they receive your code, they should write it down and then visually compare it to the 60-digit number that appears on the contact info screen under Encryption.
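How a 60-digit code of this kind can be derived from two public identity keys, as an added example that is not WhatsApp's code or part of the original page. It follows the scheme published in the WhatsApp security white paper (5200 rounds of SHA-512, first 30 bytes, six 5-byte chunks reduced modulo 100000); the exact hash input layout, the sort order, the phone numbers and the keys are simplified or constructed assumptions.

```python
import hashlib

ROUNDS = 5200  # SHA-512 iterations per fingerprint (WhatsApp white paper)

def fingerprint(identity_key: bytes, user_id: bytes) -> str:
    """30-digit numeric fingerprint of one user's public identity key."""
    digest = identity_key + user_id          # simplified input layout (assumption)
    for _ in range(ROUNDS):
        digest = hashlib.sha512(digest + identity_key).digest()
    chunks = [digest[i:i + 5] for i in range(0, 30, 5)]   # first 30 bytes, 6 chunks
    return "".join(f"{int.from_bytes(c, 'big') % 100000:05d}" for c in chunks)

def security_code(own_key, own_id, peer_key, peer_id) -> str:
    """60 digits: both fingerprints, sorted so both phones show the same order."""
    return "".join(sorted([fingerprint(own_key, own_id),
                           fingerprint(peer_key, peer_id)]))

def grouped(code: str) -> str:
    """Split into twelve groups of five digits for reading aloud or comparing."""
    return " ".join(code[i:i + 5] for i in range(0, len(code), 5))

def constructed_key(label: bytes) -> bytes:
    """Stand-in for a 32-byte public identity key (constructed, not a real key)."""
    return hashlib.sha256(b"constructed key: " + label).digest()

def demo():
    alice_id, bob_id = b"+10000000001", b"+10000000002"    # constructed numbers
    alice_key, bob_key = constructed_key(b"alice"), constructed_key(b"bob")
    on_alice = security_code(alice_key, alice_id, bob_key, bob_id)
    on_bob = security_code(bob_key, bob_id, alice_key, alice_id)
    # Bob reinstalls: his phone now holds a new key, Alice's still has the old one.
    bob_new = constructed_key(b"bob after reinstall")
    on_bob_after = security_code(bob_new, bob_id, alice_key, alice_id)
    return {"alice": on_alice, "bob": on_bob, "bob_after": on_bob_after}

if __name__ == "__main__":
    for who, code in demo().items():
        print(f"{who:10} {grouped(code)}")
```

The code only ever contains hashes of public keys, which is why it can be read out or shown on screen, and any change to either key changes the digits the two phones display.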

Are my messages and calls end-to-end encrypted?

All WhatsApp messages and calls are protected with end-to-end encryption. It’s important to note, though, that when you contact a business, many people in that business can see your messages. A business may employ another company to manage its communications, for example to store, read, or respond to your messages.
The business with which you communicate has a responsibility to ensure that it manages your communications according to its privacy policy. Please contact the firm directly for more details.

How does WhatsApp offer end-to-end encryption, and what does it mean for keeping people safe?

Security is key to WhatsApp’s operation. In 2016 we completed the introduction of end-to-end encryption for all messaging and calling on WhatsApp so that nobody, not even us, has access to the content of your communications. Online protection has only become more important since then.

WhatsApp does not have the ability to view the content of messages or to listen to WhatsApp calls. That is because messages sent on WhatsApp are encrypted and decrypted entirely on your device. Before a message ever leaves your device, it is secured with a cryptographic lock, and only the recipient has the keys. Additionally, the keys change with every single message that is sent.
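The per-message keys mentioned here and in the earlier "unique lock and key" passages come from the Signal Protocol's symmetric-key ratchet. The sketch below is an added example, not WhatsApp's code or part of the original page: it uses the HMAC-SHA256 steps with constants 0x01 and 0x02 from the published white paper, starts from a constructed shared secret, and `Chain`, `ratchet` and `demo` are names chosen here.

```python
import hashlib
import hmac

def ratchet(chain_key: bytes):
    """One step: (message key for this message, chain key for the next)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain

class Chain:
    """One direction of a chat; sender and receiver each hold a copy."""
    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key
        self.counter = 0          # index of the next key the chain will produce
        self.skipped = {}         # keys for messages that have not arrived yet

    def next_key(self):
        """Sender side: (index, key) for the next outgoing message."""
        key, self.chain_key = ratchet(self.chain_key)
        self.counter += 1
        return self.counter - 1, key

    def key_for(self, index: int) -> bytes:
        """Receiver side: key for message `index`, even if it arrives out of order."""
        if index in self.skipped:
            return self.skipped.pop(index)      # used once, then forgotten
        if index < self.counter:
            raise KeyError("message key already used and deleted")
        while self.counter <= index:            # advance, caching skipped keys
            idx, key = self.next_key()
            self.skipped[idx] = key
        return self.skipped.pop(index)

def demo():
    # Constructed shared secret; in the protocol it comes from the key agreement.
    shared = hashlib.sha256(b"constructed shared secret for this example").digest()
    sender, receiver = Chain(shared), Chain(shared)
    sent = dict(sender.next_key() for _ in range(4))     # keys for messages 0..3
    # The relay delivers the messages in the order 2, 0, 1, 3.
    received = {i: receiver.key_for(i) for i in (2, 0, 1, 3)}
    return sent, received, receiver

if __name__ == "__main__":
    sent, received, _ = demo()
    print("keys match:", sent == received, "distinct:", len(set(sent.values())))
```

Because each step is a one-way HMAC, a chain key captured later cannot be run backwards to recover the keys of earlier messages, and a used key is deleted so a replayed message cannot be decrypted again.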

Of course, people have wondered what end-to-end encryption means for the work of law enforcement. WhatsApp appreciates the work being undertaken by law enforcement agencies to keep people safe across the globe. We carefully evaluate, verify and respond to requests from law enforcement based on relevant law and policy, and we prioritize responses to emergency requests.

 
