Wednesday, April 6, 2016

WhatsApp introduces end-to-end encryption: Six things you need to know

Last night, millions of users worldwide were greeted with a message in the chat section stating “Messages you send to this chat and calls are now secured with end-to-end encryption.” and with that we are pretty sure that many government organisations may have panicked. But to the casual WhatsApp user, there was a panic of a different type.
Clearly, WhatsApp could have put out a slightly longer explanation instead of the one above, that lead to mass panic with everyone trying to get on board the encryption bandwagon by trying to verify themselves on their chats.
WhatsApp did provide one on its blog (it’s lengthy and detailed) but here are few simple pointers that you need to keep in mind:
WhatsApp’s encryption is turned on by default for all users.
Users so far have no choice to opt out of the encryption for now (considering the number of encryption cases popping up worldwide, we are pretty sure nobody would want to opt out). As long as you have an updated version of the WhatsApp app on your supported mobile platform, you and your friends can now enjoy the perks of secure and end-to-end encrypted conversations turned on by default without any extra taps.
How do I know that encryption is switched on?
Well you simply tap on the profile or the info page(tap on the name in the header) of your contact, where you will find a section describing the status of the encryption of your chats and calls.
WhatsApp Encryption Point on Android
WhatsApp Encryption on Android.
WhatsApp Encryption Point on iOS
WhatsApp Encryption on iOS.
The latest version of Whatsapp app
No matter which platform you are on, you may have noticed a slew of updates (like on iOS) that claimed “Bug fixes” coming in the past few days. Indeed, this was the WhatsApp team making a couple of tweaks, with most of it coming from the server side and some for a user’s smartphone. With that said, you and your friends will need update their respective WhatsApp apps on their respective smartphones that run different mobile operating systems (Android, iOS etc.). If your friend has not updated their app to the latest version you will be notified about the same in the info page under encryption.
The verification mess
Upon accessing the info page, you will be able to check on the status of your encryption. The point to be noted here is that it is turned on by default, meaning you do not need to go any further.
WhatsApp Encryption How to verify on iOS
To Verify, click on Encryption in Info page and then hit the Scan Code button.
Only those who updated their app later or changed their smartphone after the time the encryption was rolled out who will need to access this area to verify (or check) whether their encryption is working or not (in all probability it will be, but more on that in our next pointer). So for the most of us, we will not need to tap on the Encryption section.

It is still a bit of a mess
Even though most will not need to access the Encryption section on the info page, users may have noticed that some of their friends even with their updated versions of the app still show that their messages are not encrypted. While the WhatsApp states that their apps may not be updated to the latest one, we think that this is a bug. We tested out the same in our office and with one iOS user connecting to an Android user, things worked fine.
WhatsApp Encryption problems
With another Android user however, it kept showing encryption turned off even though the iOS user was greeted with a chat encryption turned on message. This could either be a bug, or its just that the feature is gradually rolling out server side, so there is absolutely no indeed no need to panic.
End-to-end encryption
End-to-end encryption on WhatsApp applies to everything or every feature that is available on WhatsApp. Whether it’s calls, messages, photos, videos, files, and even voice messages, all of them will be encrypted. So technically nobody apart from you or your friend will be able to understand them. In transit from one device to another the data will only appear to be garbled text without the keys to put that text together, which resides on devices being used to communicate. Moreover, there are separate keys for each conversation or chat so WhatsApp has provided something really secure indeed.