The popular messaging service WhatsApp has stepped up security for users of its consumer messaging service by adopting end-to-end encryption.
In what represents the largest rollout of this level of encryption in any messaging system worldwide, according to the BBC, WhatsApp integrated Open Whisper Systems’ TextSecure software – which will be turned on by default for Android users – with WhatsApp’s iOS consumers to follow suit. Although in an Open Whisper blog post, the suggestion was that the team still ‘have a ways to go until all mobile platforms are fully supported, but we are moving quickly towards a world where all WhatsApp users will get end-to-end encryption by default.”
What makes this end-to-end solution so exciting is that no decrypting of messages is done over the air or via the messaging service’s servers. It’s all done on the device as it sends and receives messages, meaning not even WhatsApp itself can access your private messages. In addition to this, the encryption supports asynchronous data transfers, so even if the recipient is not online, the encryption still functions properly even when the message’s recipient is offline.
In addition, each message uses a one-time message decryption key. Even if someone managed to hack one message, the same key would not be usable to decode other messages, as reported by The Register.
That said, Open Whisper were quick to point out that,”The WhatsApp Android client does not yet support encrypted messaging for group chat or media messages, but we’ll be rolling out support for those next…’
WhatsApp has somewhere in the region of 600 million active users, making it the most popular messaging tool by some margin in most of the world’s major territories.