Deciphering WhatsApp’s end-to-end encryption: What it is and how it works

Here's how your WhatsApp chats remain safe and secure, always

As one of the most popular messaging platforms in India, and in most of the world as well, WhatsApp comes under a lot of scrutiny and even attack from both state-sponsored and independent hackers. The billions of daily messages that fly back and forth between people and businesses carry everything from innocuous ‘Good morning!’ messages to privileged and private information that should not fall into someone else’s hands. To keep this information secure and to prevent anyone, even WhatsApp itself, from accessing it, the company employs end-to-end encryption (E2EE).

What is end-to-end encryption?

IBM defines E2EE as “a secure communication process that prevents third parties from accessing data transferred from one endpoint to another.” Essentially, data is scrambled using a unique encryption key, and can only be unscrambled using another unique key. Even if someone intercepts the message, they will not be able to unscramble the data or message and read its contents without having access to the relevant keys.

The process itself is far more complex than this simplified explanation lets on. Suffice it to say that there are many more steps involved in identifying senders and recipients, the types of keys used, and how the data is shared back and forth.

E2EE isn’t infallible and has a few issues, the most notable being that endpoints are vulnerable. In other words, if a device used to send or receive messages, i.e. your phone, is compromised, then the message itself can be compromised. Additionally, many governments, including the US government, have tried to force companies to build backdoors into E2EE protocols. These so-called backdoors are designed to undermine the E2EE protocol and give certain organisations and governments direct access to the information being shared. Companies like WhatsApp, Google, and Apple continuously fight such attempts to ensure that messaging remains secure.

How does WhatsApp use E2EE?

Like most popular messaging platforms, WhatsApp enables E2EE by default for all communications on its platform. This includes messages to and from businesses. Rather than basic E2EE, WhatsApp uses the Signal Protocol, a more comprehensive and secure E2EE system developed by secure messaging app Signal – the one Snowden used to keep his conversations private from even the US government.

This protocol has additional layers of security for verifying the identity of both sender and receiver, more advanced encryption, and more. The keys used to encrypt and decrypt the messages, for example, change with every single message that is sent. Even if someone has the keys you used for one message, they cannot use them to decipher other messages.
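The per-message key change described above can be shown with a small hash ratchet. This is an added example, not WhatsApp's or Signal's code: it covers only the symmetric chain step, assumes the HMAC-SHA256 constants 0x01 and 0x02 for the message key and next chain key, and uses a toy keystream in place of the real cipher.

```python
import hashlib
import hmac

def kdf_chain(chain_key):
    """One ratchet step: return (message_key, next_chain_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain_key

def _keystream(key, length):
    # Toy HMAC-based keystream standing in for the real cipher (illustration only).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(message_key, plaintext):
    """Encrypt, then append a 32-byte tag so a wrong key is detected."""
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(message_key, len(plaintext))))
    return body + hmac.new(message_key, b"mac" + body, hashlib.sha256).digest()

def open_sealed(message_key, sealed):
    """Return the plaintext, or None if the key does not match this message."""
    body, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(message_key, b"mac" + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(body, _keystream(message_key, len(body))))

def send_all(chain_key, plaintexts):
    """Encrypt each plaintext under a fresh message key; return (sealed, keys)."""
    sealed, keys = [], []
    for plaintext in plaintexts:
        message_key, chain_key = kdf_chain(chain_key)
        sealed.append(seal(message_key, plaintext))
        keys.append(message_key)
    return sealed, keys

def demo():
    # Constructed shared secret; in the real protocol it comes from a key agreement.
    shared = hashlib.sha256(b"constructed shared secret").digest()
    sealed, keys = send_all(shared, [b"Good morning!", b"Meet at 6", b"Running late"])
    leaked = keys[1]  # only the second message key is exposed
    return [open_sealed(leaked, item) for item in sealed]

if __name__ == "__main__":
    print(demo())
```

Because each step is a one-way HMAC, holding one message key gives no route back to the chain key or sideways to the neighbouring message keys.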

How to verify that E2EE is enabled

E2EE can be disabled under certain exceptional circumstances. Thankfully, WhatsApp includes a system you can use to verify that the communication between you and the recipient is secured by E2EE. To verify this, simply open the chat window, tap on the person’s or business’s name, scroll down to encryption and cross check the QR code and/or the 60-digit code with the recipient. Both codes must match for encryption to be enabled.
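What the code comparison in this step checks, as an added example (not WhatsApp's code): each side derives digits from both users' public identity keys, so a substituted key changes the code one person sees. The iteration count, byte layout and sort order are assumptions modelled on Signal-style numeric fingerprints, and the keys and identifiers are constructed, so the digits will not match the app's.

```python
import hashlib

ITERATIONS = 5200  # assumed iteration count for the repeated SHA-512 hashing

def fingerprint30(identity_key, user_id):
    """30 decimal digits derived from one user's public identity key."""
    digest = identity_key + user_id
    for _ in range(ITERATIONS):
        digest = hashlib.sha512(digest + identity_key).digest()
    # First 30 bytes -> six 5-byte big-endian integers -> five digits each.
    chunks = [digest[i:i + 5] for i in range(0, 30, 5)]
    return "".join("%05d" % (int.from_bytes(c, "big") % 100000) for c in chunks)

def security_code(user_a, user_b):
    """60 digits; sorting the halves makes both participants get the same string."""
    return "".join(sorted([fingerprint30(*user_a), fingerprint30(*user_b)]))

def grouped(code):
    """Format the code in five-digit groups for reading aloud."""
    return " ".join(code[i:i + 5] for i in range(0, len(code), 5))

def demo():
    # Constructed stand-ins for public identity keys and user identifiers.
    alice = (hashlib.sha256(b"constructed alice key").digest(), b"user-alice")
    bob = (hashlib.sha256(b"constructed bob key").digest(), b"user-bob")
    # Same identifier as Bob, but a different key reached Alice's device.
    replaced = (hashlib.sha256(b"constructed other key").digest(), b"user-bob")
    return {
        "alice_sees": security_code(alice, bob),
        "bob_sees": security_code(bob, alice),
        "alice_sees_with_replaced_key": security_code(alice, replaced),
    }

if __name__ == "__main__":
    for label, code in demo().items():
        print(label, grouped(code))
```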

Limitations of WhatsApp’s E2EE

As mentioned earlier, the biggest weakness of E2EE is the device itself. If your device or that of the recipient is compromised in some way, your messages may be encrypted, but they won’t be secure. A similar limitation applies to businesses in that while communications to and from a business are encrypted and secure, there’s no way of knowing how that business is dealing with that data and how many people have access to that information.

There are also some privacy concerns with using WhatsApp. While all messages use E2EE, businesses can choose to share some additional information about you with WhatsApp and vice versa. Some of your messages are also serviced by AI from Meta – WhatsApp’s parent company – and Meta receives these chats on its servers to process the data.

End-to-end encryption is one of the most secure protocols we have for ensuring that our communications are private and secure. Almost all of the popular messaging apps use some form of E2EE, and thankfully, so does WhatsApp. While there are some privacy concerns with using WhatsApp itself, private messages are properly encrypted for now and WhatsApp is ready to fight anyone, even governments, if asked to weaken this essential security protocol.


Disclaimer: This post as well as the layout and design on this website are protected under Indian intellectual property laws, including the Copyright Act, 1957 and the Trade Marks Act, 1999 and is the property of Infiniti Retail Limited (Croma). Using, copying (in full or in part), adapting or altering this post or any other material from Croma’s website is expressly prohibited without prior written permission from Croma. For permission to use the content on the Croma’s website, please connect on contactunboxed@croma.com
