Security Social Media

Why WhatsApp’s End-to-End Encryption Is a Big Deal

Dann Albright 27-04-2016

WhatsApp, one of the most popular alternatives to text-messaging in the world, recently announced that they would be enabling end-to-end encryption in their service (this follows their previous announcement that they’d be partnering with Open Whisper Systems WhatsApp Encryption: It's Now the Most Secure Instant Messenger (Or is it?) Since being acquired by Facebook, WhatsApp has been forced to clean up its approach to security and privacy, which resulted in the news last year that it has introduced new encryption measures. Read More to improve the security of the app).


The timing of this announcement is especially notable, as the battle between Apple and the FBI Apple Refuses to Help the FBI, Popcorn Time Returns... [Tech News Digest] Apple stands up for personal privacy, the original Popcorn Time gets resurrected, Kanye West learns the price of piracy, Sega gives games away on Steam, and play Pong on your Apple Watch. Read More over passwords and encryption is still ongoing. But what does this mean for you? Here’s what you need to know about WhatsApp encryption.

What, Exactly, Is End-to-End Encryption?

To make sure you understand why this is a big deal, I’ll quickly go through the basics of the technology behind the change. First, let’s take a look at text messaging, a totally unencrypted service. You type out the message on your phone and hit send. That message, character-for-character, is sent to your cell phone provider, where it’s stored on a server. It’s then sent from that server to the recipient’s phone. At every point in the transmission, it’s plain text, which means anyone could read it.


Obviously this isn’t secure. So some apps offer a bit more security. Facebook’s messaging app, for example, encrypts your messages through part of their journey (read up on the basics of encryption How Does Encryption Work, and Is It Really Safe? Read More if you need a primer). You type it on your phone, and hit send; the message is encrypted, so no one can read it, and then it gets to Facebook. It’s decrypted, and stored on their server.

It’s then re-encrypted and sent to your recipient, where it’s decrypted again. Even with this partial-path encryption, your messages are stored in plain text on Facebook’s server, and they have the keys to the encryption used. They can see your messages, and if they’re compelled to hand them over to the government or they get hacked, someone else will have those keys, too (unless you’re using an Off-The-Record chat client How To Go Off-The-Record With Your Facebook Chats Facebook chats are a great way to communicate with a major drawback: Facebook keeps a record of everything. Unless you delete chats manually, they will remain on Facebook for years to come. Read More ).


Now we get to end-to-end encryption, like the kind used by WhatsApp. In this method of securing your communications, the key to the encryption is known only by the sender and the recipient, and your message isn’t decrypted when it’s stored on the company server. It sits there, fully encrypted, and totally inaccessible to WhatsApp (or whoever else might get access to that server).


Obviously, this is the most secure way to send messages. Not even the company that provides the service can snoop on your messages. Which means if the government gets a secret warrant for their servers, they can’t either. If they get a hold of your phone, it might be another story, but that seems quite a bit less likely.

Why Is WhatsApp’s Timing So Important?

WhatsApp announced that they’d be rolling out end-to-end encryption on 5 April, 2016, just under two months after a federal judge ordered Apple to help the FBI get into the iPhone belonging to Syed Farook, one of the people responsible for the previous December’s terrorist attack on San Bernadino, California.


Apple and the FBI went back and forth over the privacy and security implications FBI Backdoors Won't Help Anybody - Not Even the FBI The FBI wants to force technology companies to enable security services to snoop on instant messaging. But such security backdoors don't actually exist, and if they did, would you trust your government with them? Read More of allowing authorities access to a locked iPhone, and the battle still continues, with a number of related court cases being heard. To put it succinctly, there hasn’t really been any resolution. The FBI hired someone else to get into the iPhone, Apple is still holding strong, and big names around the world have started to take sides.


The fact that WhatsApp announced the encryption of their service during this monumental battle is a really big deal. This situation is clearly going to set a precedent for relations between law enforcement and the tech sector in the future, and WhatsApp — and, therefore, Facebook — is coming down on Apple’s side in a big way.

As one of the largest messaging services in the world, WhatsApp is painting a pretty big target on its back for the US government. At the same time, it’s gained a lot of points with privacy advocates and earned more trust as a secure messaging app from its users and potential users.


Will There Be Consequences?

Some countries, generally the more repressive ones, have already banned the use of encryption, and the status of encrypted messaging apps in others is under question. Both France and the UK have made worrying remarks Why Snapchat & iMessage Could Really Be Banned In The UK Speaking to a room full of party activists in Nottingham, Prime Minister David Cameron declared that encryption for messaging would be banned should his party gain a majority at the next General Election. Read More about their intentions to potentially outlaw encrypted services.

But because this functionality was rolled out so recently, we don’t really know if any countries out there will try to ban the app or take legal action against WhatsApp. It seems fairly likely that the US will, at some point, try to compel WhatsApp to create a backdoor encryption key that will let it spy on encrypted communications through the app (it’s also possible that they’ve already made this demand).

We can’t know how WhatsApp would respond to this sort of demand, but Mark Zuckerberg’s statements supporting Apple certainly imply that he would want to take a stand against similar action taken by the government.

Changes for WhatsApp Users

So WhatsApp is taking a stand, but what does that mean for you? For the most part, absolutely nothing. All of the encryption takes place behind the scenes, and your messages will be sent in exactly the same way they used to.


Now, though, when you tap on the name of the person that you’re sending messages to, you can tap Encryption to get a QR code and a long number that you can compare to the code or number on your recipient’s phone to make sure that your messages are encrypted. It’s probably not something you’re going to do on a regular basis, but it’s nice to know that you could check.


Beyond that, your WhatsApp experience will be exactly the same as it was before!

Shots Fired?

Could this be opening salvo in another battle between the US authorities and an American company? It’s a little early to say, but it certainly looks like that could be the case. How the FBI, NSA, and WhatsApp proceed from here will certainly be interesting, and when something big happens, we’ll be sure to let you know!

What do you think about WhatsApp’s deployment of end-to-end encryption? Are you less worried about Facebook spying on your chats? Do you think it will become a target of the US authorities, or that it might be banned elsewhere in the world? Share your thoughts below!

Image credits: SFIO CRACHO via, kentoh via

Related topics: Encryption, Instant Messaging, WhatsApp.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Darren Chaker
    October 4, 2017 at 2:58 am

    Privacy is about privacy. If a back door was allowed, Russia and China make great encryption software too! Best to all, Darren Chaker

  2. David Sharpe
    March 15, 2017 at 3:41 am

    I have very mixed emotions on this. Yes, I think privacy is an important thing for some legitimate pieces of data, but does that outweigh the drastic changes in our world caused by the war on the U.S. and other countries. No, it's not the "conventional" war where identifying our enemies was relatively easy, but it is a war. Americans are being killed by religious radicals who are interpreting the Kuran in the most destructive and inhumane way possible. You can't tell who they are, you can't really identify a "country" that's the bad actor and go bomb them and "win". We've got to acclimate to this "cowardly new world", and if that means we must give up a lot of our privacy to save the lives of our fellow countrymen, I believe we must. There are ways people can keep their legitimate information relatively private. And for those that have something to hide in their phones, computers, etc. it's highly likely to be illegal. So I conclude: keep your private stuff off your electronics; enable law enforcement to be able to access these devices to gain intel in the case of potential terrorism or as prosecuting information for illegal acts. I'd rather let them have my phone than to have another soldier die.

    • Dann Albright
      March 29, 2017 at 3:22 pm

      What do you think about potential abuses of this power? Powers of surveillance were advanced greatly under the previous administration, and it's likely they'll continue to grow under the current one. What if a future administration (or even this one) decides that people who text "anti-American" things should be questioned or detained? Or if people who send texts about potential immigrants should be questioned? These are the sorts of abuses I'm worried about. I'm definitely on board with using surveillance on people who are suspects. That's totally fine. It's the rest of the people that I'm worried about.

    • Bozhin Zafirov
      July 24, 2017 at 9:43 pm

      "Power tends to corrupt, and absolute power corrupts absolutely." - Lord Acton, 1887

      I don't think anyone would want to help corrupt the authorities by willingly giving absolute power in their hands. This won't be good for us and won't be good for authorities either. Mass surveillance has very little to do or nothing at all with preventing potential terrorism, but it's a great tool for FUD.

      For example, this website being accessible in unencrypted manner makes it easy target for surveillance and probably every person who reads or comments at some point in time may be considered potential terrorist (including me) and therefore could be watched by respective authorities - to the extent of power (or absolute power) they have.

      Knowing this fact many many people (including me sometimes) restrain themselves from accessing websites containing specific information that for some reason may be considered dangerous by authorities (like common topics as physics or chemistry). This in turn means these people will rarely or never get an information they find interesting, and thus they won't be able to learn things which could potentially shape their lives in directions which could be beneficial for many societies around the world. So how is this kind of FUD repression a good thing?

      On the other hand, my impression is that in time authorities gain more and more power (struggling for absolute power of course) over our privacy, sometimes with a pretense that this is for the greater good and preventing crime and terrorism, but anyway these seem to be increasing in time? So maybe this doesn't really work the way we are supposed to believe?

      Don't get me wrong, I support all sane security measures against today's global plague, but violation of human rights and privacy is not amongst them. Of course, every rule has an exception and laws clearly state what is an acceptable exception. But we need to be very careful with these exceptions and enforce control to avoid giving absolute power in someone's hands.

  3. O'cherry
    June 8, 2016 at 1:33 pm

    But if I understood Prof Mo correctly, I think he meant WhatsApp (the company ) can still view your messages once decrypted by the recipient. And to be sure, I'd like to know if that really is the case or are all third parties declined access to messages sent eye encrypted.

    • Dann Albright
      June 13, 2016 at 7:46 pm

      Yeah, I'm not totally sure. If the company can see the messages on your device, that means they would have to be send, unencrypted, back to the company at some point. Which would mean that their claim of end-to-end encryption wouldn't really be true. Right? I have to imagine that's not the case; it seems like it's too big of a risk if you're trying to bank on the privacy thing.

  4. Prof Mo
    April 30, 2016 at 12:21 am

    End-to-End encryption isn't as safe as it sounds. The message gets decrypted within What's App. This means after it arrives at its destination, What's App can still read the data. You can only be certain What's App didn't see your data if decrypt it outside of the Whats App client.

    • Dann Albright
      May 3, 2016 at 1:35 pm

      It depends on who you're trying to keep your data away from. If you're worried about government surveillance, then e2ee is really good. It's not going to be quite as effective against corporate surveillance from the provider of the app, but I would think that rigging up a system to decrypt it outside of the app would be a pretty big hassle. As far as I know, there isn't any solid indication that WhatsApp is monitoring the decrypted messages, but it's a possibility, I suppose.

    • Rich
      May 16, 2016 at 1:30 pm

      This is an interesting topic. The article above stated that the message only gets decrypted by the recipient, not even WhatsApp can see it. At what point is the message decrypted for WhatsApp to see it? When can WhatsApp read the data?

      • Dann Albright
        May 16, 2016 at 8:51 pm

        I think I understand your question; when I said that WhatsApp can't see it, I meant the company, not the app. The app on your phone (or your recipient's phone) does the decrypting so the message can be displayed in the app. It decrypts the message when it's received from the sender.