View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 10, 2018

WhatsApp Encryption Warning for Users Over Google Drive Backup Risk

When sending a message between users via the platform one person’s phone sets up an encryption while the other holds the key to the sent message

By CBR Staff Writer

WhatsApp has warned its users that if they back up their messages on Google Drive they will no longer be subject to the WhatsApp encryption process and messages could be potentially read by anyone.

The Facebook owned freeware voice and messaging service offers its users end-to-end encryption, partly constructed using the security protocol developed by Open Whisper Systems the developers of the secure messaging app Signal.

At the start of last month Google and WhatsApp finished negotiations that allow android users to store their WhatsApp data on Google Drive without having it count towards the storage limit on their Google Drive.

WhatsApp Encryption

Unfortunately WhatsApp have informed their users that if they do choose to use the drive, then the end-to-end encryption the platform offers will no longer be applicable to said data.

When sending a message between users via the platform one person’s phone sets up an encryption while the other holds the key to the sent message. WhatsApp Encryption Warning for Users Over Google Drive Backup Risk

However, once the message leaves the platform or your device, for example to be saved in a cloud, it is no longer part of the end-to-end encryption process and is in a readable format.

See Also: WhatsApp Opens up API, To Charge Business Users

Given how WhatsApp’s encryption process works it seems like the company has included a ‘don’t give out to us if it goes wrong’ warning in their recently updated FAQ on Google Drive which states: “Important: Media and messages you back up aren’t protected by WhatsApp end-to-end encryption while in Google Drive.”

Content from our partners
European Technology Leadership: Deutsche Bank CTO Gordon Mackechnie
Print’s role in driving the environmental agenda
What finance leaders get wrong about digital transformation

If you are using WhatsApp’s service for non data sensitive messaging then utilising this deal with Google Drive is a good way to have reassurance that all your chats and data are recoverable in the event of phone loss.

GDPR Risk

Some companies have banned their employees using the platform as they believe that it is too risky a service given the recent privacy rules and GDPR regulations that have been rolled out by the European Union.

WhatsApp Encryption Warning for Users Over Google Drive Backup Risk

Car industry supplier Continental has told its employees that they should no longer use the service for work stating that: “In the company’s opinion, these services have deficiencies when it comes to data protection, as they access a users’ personal and potentially confidential data such as contacts, and thus the information of third parties who are not involved.”

“In the case of WhatsApp, access to the contact list cannot be restricted. The responsibility for complying with data-protection laws is therefore shifted onto the users of this app.

Continental’s CEO Dr. Elmar Degenhart, adding to the statement that: “We think it is unacceptable to transfer to users the responsibility of complying with data protection laws. This is why we are turning to secure alternatives.”

Morten Brogger CEO of Wire an end-to-end encrypted messenger service and competitor to WhatsApp commented in an emailed statement that: “Given how much sensitive data employees share over WhatsApp it’s very simple – it should not be used by businesses full stop.”

“Sensitive information backed up without the protection of end-to-end encryption is clearly not just privy to WhatsApp and it’s owner Facebook, and to Google, it is also available for governmental entities, hackers and anyone with sufficient skills and time. Any company using WhatsApp for business use is jeopardising compliance with GDPR.”

Computer Business Review Contacted WhatsApp in relation to this story but received no reply.

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU