For the millions of WhatsApp and iMessage users who are enthusiastically preparing to upgrade to the shiny new iPhone 12, you’re about to see Apple school WhatsApp on how to make messages work on a new device without compromising security. It’s a serious issue – a gaping vulnerability in the way WhatsApp works – and one that needs to be fixed.
WhatsApp and iMessage are end-to-end encrypted. Messages can only be read by senders and recipients, which should be your messaging standard. If you upgrade to a new iPhone 12, you’ll move your accounts and message histories to your new phone. But in doing so, the security of these messages differs between iMessage and WhatsApp and this end-to-end encryption may be compromised.
The problem has to do with Apple’s iCloud and the very different ways that WhatsApp and iMessage use iCloud on a day-to-day basis and, most importantly, to transfer messages to a new device.
WhatsApp’s “chat backup” offers iCloud as the only option and advises using this backup to restore messages to a new iPhone. “Back up your chat history and media to iCloud,” it says, “if you lose your iPhone or upgrade to a new one, your chat history is safe.” But this use of the word “safe” carries a serious caveat.
Critically, “the media and messages you back up,” admits WhatsApp, “are not protected by WhatsApp’s end-to-end encryption in iCloud.” It’s not just you and those you message who can see the content. You gave Apple a key. If law enforcement approaches Apple with a warrant, for example, your WhatsApp backups are accessible. This security issue undermines WhatsApp’s end-to-end encryption.
Apple had the same issue with iMessage, that anomaly where end-to-end encryption was invalidated by cloud backups. And then it was fixed in 2017 with iOS 11. And that makes it much worse that we have a new version of iPhone with this security vulnerability for WhatsApp users still in place.
To put it more simply, the method WhatsApp recommends for transferring your account to a new iPhone was rejected by Apple for its own iMessage three years ago, given the serious security and privacy concerns involved.
So how did iMessage solve the problem? Unlike WhatsApp, iMessage offers cross-platform access. You can use the same iMessage account on your iPhone, iPad, and Mac. Not only that, but Apple also offers the option to sync your entire message history across all those linked devices. If you add a new device, you just turn on “Messages in iCloud” in your iCloud settings and all your messages will be downloaded.
“Messages in iCloud” maintains end-to-end encryption: “your data is protected by a key derived from information unique to your device, combined with your device password, which only you know,” says Apple. “No one else can access or read this data.” Apple does not have a key. There is, however, a serious “but”. “If iCloud backup is turned on, your backup includes a copy of the key protecting your messages.”
While the limitation of encryption with iCloud backups is poorly understood in Apple’s vast user base, this innovative iMessage fix now in place is even less well understood.
You don’t need to back up WhatsApp to iCloud, but you might lose your message history if you lose or change your phone. Likewise, you don’t need to turn on Apple’s iCloud backups, which store an iMessage key. But, with iMessage, you would need to lose access to ALL your devices to lose your messages.
As more and more data can be synced using iCloud or other cloud services, the idea of having a unified backup in the event of a device loss becomes much less critical. All of this happens when upgrading to a new device, where the process is designed around iCloud syncing by default. But WhatsApp again uses backups.
All of this leaves WhatsApp in an awkward place. After all, the encryption battle between big tech and lawmakers revolves around investigators’ inability to break end-to-end encryption. When platforms cannot access your data, they cannot be forced to do so by law enforcement. However, rely on cloud backups and you have successfully broken end-to-end encryption for them.
“Some of your most personal moments are shared with WhatsApp,” explains the messaging platform, “that’s why we’ve built end-to-end encryption into our app: your messages, photos, videos, voicemails, documents and calls are secured from falling into the wrong hands.” Facebook, the parent of WhatsApp, warned that these “wrong hands” include its own, if “the server and network infrastructure are compromised.” Again, however, cloud backups invalidate this security.
There are options to resolve this issue, but they complicate the upgrade process. You can back up your old device to a Mac or PC, and restore from there, or you can also use iPhone’s offline device-to-device migration, which was introduced last year and will, hopefully, restore WhatsApp. But it’s not how WhatsApp advises you to move messages to a new phone, and if you turn off iCloud backup of WhatsApp, you run the risk that a lost or broken device results in the loss of your message history.
WhatsApp is said to have both multiple linked devices – with full message histories across all devices – and end-to-end encrypted backups in progress. Either of these updates will fix this issue and provide a secure way to transfer WhatsApp to a new iPhone. But neither looks likely to be in place in time for the millions of people expected to receive new iPhone 12s in the coming weeks.
Once again, WhatsApp’s upstart rival Signal has taken the lead in launching secure features that WhatsApp lacks. Signal offers several device options, but unlike Apple, it preserves the concept of the primary device and does not offer a cloud backup option. If you lose your phone, you will lose your message history. But you can transfer Signal messages from an old iPhone to a new one, safely, using its new Direct Device-to-Device Transfer, launched this year in time for the iPhone 12.
For most of us, the risk of our end-to-end encrypted messages being stored without end-to-end encryption in the cloud can be seen as less risky than losing a device. Signal’s refusal to offer even an encrypted offline backup option, along with its primary device architecture centered around your smartphone, poses a risk in the event of device loss – and it won’t work for many everyday uses.
But as iMessage has shown, there are ways to preserve security and resiliency – we don’t need to make a difficult choice between the two. The problem with iMessage, of course, is that its end-to-end encryption is limited to Apple’s ecosystem. For everything else, it relies on texting, which is a security nightmare. WhatsApp is perfectly placed to meet all key requirements, but must resolve its backup / device related issues quickly. At this point, its main problem will be its ownership by Facebook – a whole different story.
In the meantime, millions of people will follow the advice of WhatsApp and use iCloud chat backups to transfer message history to the new iPhone 12s. At least now you know the implications in terms of security and privacy.