One billion people around the world just gained access to end-to-end encryption for their instant messages. That’s because the WhatsApp messaging service has just finished integrating a new encryption protocol known as Signal into all versions of the app by default.
The company announced this week that all chats on its service would be end-to-end encrypted, meaning that it wouldn’t be possible for the company or others to read what is contained within them. The change means that only the sender and recipient are able to unscramble the encrypted messages and read their contents.
That includes encryption of chats, group chats, attachments, voice notes, and voice calls across all its mobile platforms, i.e., Android, iPhone, Windows Phone, Nokia S40, Nokia S60, Blackberry, and BB10.
This upgrade does not require you to update the app itself (in fact, no new version of WhatsApp has come out in several days). It takes place on the server side. So as long as there is a version of WhatsApp that’s compatible with your device, you will benefit from this change whenever you use the app, and your messages are encrypted whether your network is Wi-Fi, 4G LTE, 3G, or Ethernet.
The development comes courtesy of a partnership announced two years ago between Facebook’s WhatsApp and Open Whisper Systems, a communications security project that develops and distributes privacy tools.
“Over the past year, we’ve been progressively rolling out Signal Protocol support for all WhatsApp communication across all WhatsApp clients,” Open Whisper Systems wrote in a blog post yesterday. “Users running the most recent versions of WhatsApp on any platform now get full end-to-end encryption for every message they send and every WhatsApp call they make when communicating with each other.”
WhatsApp encryption uses a 256-bit key, which is only known to the sender and the recipient, which is why the security is described as “end-to-end”. But the Indian rule requires companies to use no more than 40-bit encryption, unless they get explicit permission from the government.
Getting that permission will prove impossible because of the way that the system is set up. WhatsApp would have to hand the key over to the government for it to be checked — but since the company doesn’t actually have those keys, they can’t be handed over at all.
That could mean that the 100 million people who use WhatsApp in India — about 10 percent of everyone who does — are using an app that is illegal in the country. The app is the most popular in the entire country, and more people who are on the internet use the app than do not.
The country’s authorities haven’t yet indicated whether they will pursue action against WhatsApp. But the government has previously come up against other companies including BlackBerry over encryption.
Like many countries, India is currently looking to pass new policies on encryption, and it is unclear whether those will also bring new requirements upon WhatsApp.