About two years ago, most of us were graced by the ‘messages to this chat and calls are now secured with end-to-end encryption (E2EE)’ line on Facebook-owned chat app, WhatsApp. It was a big deal for a lot of people thanks to E2EE’s superiority as far as security is concerned.
In principle, E2EE was long overdue as other competing product had already integrated the feature in their apps. The development meant that two parties having a conversation on the platform could share information privately without interference or eavesdropping by an intruder, ISPs or carrier. In other words, only the two parties involved in a chat can decipher each other’s texts.
It appears that E2EE does not extend its service to chats backed up in Google Drive, and this setback hit me a couple of days ago.
A little background: Unlike Telegram, WhatsApp does not pride itself as a cloud-based chat app. This means that your messages live in the local storage of your device. What is more, a user cannot log into his/her account using another device; it is just limited to a single device (although you can run two different accounts on the same device via app cloning).
Due to this limitation, backups had to be transferred manually if a user switched to a new device. It is not an easy solution to execute, which is why WhatsApp struck a deal with Google to allow Drive backups. Owing to a sea of images, gifs and videos shared in the app, it emerged that the ever-ballooning WhatsApp backup was eating into our limited Gmail cloud storage that is capped at 15 GB. Personally, I had to delete the backup to make more room for other files.
These limits would be fixed days later when WhatsApp announced that Drive backups would not affect Gmail’s cloud storage.
Now, other than the fact that iOS users can back up their conversations to either iCloud or Google Drive, the limitation to having a copy of WhatsApp conversations in Google Drive only for Android users is made worse by lack of E2EE for those chats (for both platforms).
Some of us have always thought that backups services will have the same level of security as the app, but this is not the case now, and WhatsApp explicitly tells users during the process of exporting conversation to Google servers.
“Media and messages you back up aren’t protected by WhatsApp end-to-end encryption while in Google Drive,” reads a warning.
Also, users will be required to update their backups that have not been touched for 12 months else the search giant will delete them permanently.
Bummer.