WhatsApp is the most popular instant messenger in the world, with more than two billion people. This is a serious indicator, given that the audience of the same Telegram is about a dozen or two times smaller. The interest of users in WhatsApp, it seems, is unable to extinguish almost anything about the insecurity of WhatsApp and the negligent approach of its creators to user privacy. True, for some reason of forgot to mention that on Android things are much better than iOS.
First, a little introduction. As you know, one of the key characteristics of modern instant messengers is support for end-to-end encryption. This is a security standard that eliminates the possibility of intercepting the sent message. It can only be read by two people: the sender and the recipient. When one sends a message to another, encryption keys are generated on their devices, which allow them to decrypt the written. Both Telegram and WhatsApp support end-to-end encryption, but it works in a limited mode on iOS, unlike Android.
Why WhatsApp Backups
The fact is that WhatsApp assumes the use of backups. On Android, they are stored in Google Drive, and on iOS, they are stored in iCloud. Thus, the creators of the messenger protect users in situations if they suddenly lose their smartphone. After all, even if the user remotely clears the device, it is possible that the person who found it will be able to guess the password and, having installed WhatsApp, confirm the entry and read all the correspondence. But since they need a password from an Apple or Google account to restore chats, this will not happen.
This brings us to the key differences between WhatsApp for Android and WhatsApp for iOS. It lies in the fact that Google Drive assumes end-to-end encryption of backups, and iCloud does not support them in principle. This is a very serious drawback that makes the use of encryption of individual messages sent from the device, in principle, useless. After all, if the backups are not protected with end-to-end encryption, then, in theory, attackers have the ability to hack and seize them.
Why iCloud isn’t end-to-end Encrypted
But why isn’t Apple using iCloud end-to-end encryption? There are actually two explanations for this limitation, which are not mutually exclusive:
Convenience. End-to-end encryption of the cloud storage where the backups are stored assumes the only decryption method, and this is the password used for authorization. If you forget or lose it, you will no longer be able to restore it, because Apple does not have the ability to decrypt it.
Special Services Order. Despite the fact that Apple demonstratively denies the secret services to jailbreak the iPhone, the company, with a blue eye, provides them with all the iCloud account data. And there, by the way, a lot of information is stored – from movements to payments. They say that Cupertino wanted to encrypt iCloud, but received an unspoken scolding from American law enforcement officers.
Whether this means that Google is both opposed to convenience and demonstrates greater adherence to principles in matters of interaction with special services than Apple is difficult to say. Most likely, the search giant uses a different approach to backups, because, oddly enough, they are not as widespread on Android as on iOS. Therefore, it is highly likely that neither users nor law enforcement agencies care about them. And, therefore, they can be encrypted. But those who understand what’s what only benefit from this.
Keep visiting our blog for more informational articles.