WhatsApp says backups on Google Drive are not protected by end-to-end encryption

WhatsApp had clarified back in 2017 that data backed up and stored on Google Drive is not encrypted.

In what comes across as a shocking revelation, WhatsApp has notified its users that its end-to-end encryption feature that it safeguards every user's chats with, does not remain encrypted once backed up on Google's servers.

In an update on its FAQ section, WhatsApp added a note labelled as 'Important' which read, "Media and messages you back up aren't protected by WhatsApp end-to-end encryption while in Google Drive."

WhatsApp for Android. Image: tech2/ Shomik Sen Bhattacharjee

WhatsApp for Android. Image: tech2/ Shomik Sen Bhattacharjee

The update from WhatsApp comes just days the Facebook-owned app informed users that it had struck a deal with Google which ensures that chat backups will no longer be eating into their Google cloud storage space, beginning 12 November.

As noted by the Economic Times in a report, WhatsApp had clarified back in 2017 that data backed up and stored on Google Drive is not encrypted. But it was assumed that WhatsApp had reached a consensus with Google to leave user data encrypted while it is backed up on Google Drive.

This would raise further eyebrows on WhatsApp's end-to-end encryption feature which has fallen under the government's scanner lately. The Centre has called on the messaging platform to offer traceability of messages sent on the app to which WhatsApp responded saying that the company cannot access user messages because of end-to-end encryption.

Experts, however, argue that it is a feature offered by WhatsApp to ensure users don't lose their chats while switching devices. Krishna Kothapalli, an independent security researcher speaking to Economic Times mentions, "As a WhatsApp user you have the choice to not backup your data to Google Drive. They (WhatsApp) are not forcing you to back up. It is a feature. So, if you trust Google, you can enable it."

Looking at it from a privacy point of view though, you can sit back and not be too bothered because Google at their end already does encrypt files on their servers. But unlike WhatsApp, Google also ultimately controls the keys for encryption which they may let out to law enforcement authorities on the basis of a warrant.





also see

science