WhatsApp's encryption reportedly has a backdoor for snooping

(Image credit: Carl Court/Getty Images)

last updated 13 January 2017

For those, like me, who can't keep up with the kids these days and their computer technologies, WhatsApp is an encrypted messaging app now owned by Facebook. Its major selling point is privacy: The end-to-end encryption is supposed to mean that no one — not even WhatsApp employees — can access the messages you send to other users. That promise has helped balloon WhatsApp's customer base to more than a billion people and made it a preferred app of activists and even diplomats who want to keep their communications safe from prying eyes.

It turns out that isn't exactly true. A cryptography researcher from the University of California, Berkeley named Tobias Boelter has discovered a built-in backdoor in WhatsApp that allows some of its privacy protections to be circumvented. The Guardian explains:

WhatsApp's end-to-end encryption relies on the generation of unique security keys, using the acclaimed Signal protocol, developed by Open Whisper Systems, that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman. However, WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been re-sent. This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users' messages. [The Guardian]

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

https://cdn.mos.cms.futurecdn.net/flexiimages/jacafc5zvs1692883516.jpg

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

WhatsApp does not give governments a "backdoor" into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report.

Explore More

Stem Speed Reads

To continue reading this article...

Create a free account

Continue reading this article and get limited website access each month.

Get unlimited website access, exclusive newsletters plus much more.

Cancel or pause at any time.

Already a subscriber to The Week?

Unlimited website access is included with Digital and Print + Digital subscriptions.
with the same email registered to your subscription to unlock access.

Not sure which email you used for your subscription? Contact us

Bonnie Kristian was a deputy editor and acting editor-in-chief of TheWeek.com. She is a columnist at Christianity Today and author of Untrustworthy: The Knowledge Crisis Breaking Our Brains, Polluting Our Politics, and Corrupting Christian Community (forthcoming 2022) and A Flexible Faith: Rethinking What It Means to Follow Jesus Today (2018). Her writing has also appeared at Time Magazine, CNN, USA Today, Newsweek, the Los Angeles Times, and The American Conservative, among other outlets.

Subscribe to The Week

Sign up for The Week's Free Newsletters

Sign up for Today's Best Articles in your inbox