WhatsApp Begins End-to-End Encryption Roll Out

Global mobile messaging phenomenon WhatsApp is set to roll out end-to-end encryption to its 600 million users in a move which will not impress the likes of spy agencies GCHQ and the NSA.

The world’s most popular messaging platform – now owned by Facebook after a $22bn deal – has been working with encryption firm Open Whisper Systems over the past six months to implement the capabilities, the latter said in a blog post.

The firm’s TextSecure encryption protocol has been incorporated into the latest WhatsApp Android client, although encryption for group chat and media messages is not yet supported.

Open Whisper Systems also promised to deliver “options for key verification in clients as the protocol integrations are completed.”

If there’s no method of verifying the identity of the person you’re messaging, it could leave the system open to abuse.

It continued:

“WhatsApp runs on an incredible number of mobile platforms, so full deployment will be an incremental process as we add TextSecure protocol support into each WhatsApp client platform. We have a ways to go until all mobile platforms are fully supported, but we are moving quickly towards a world where all WhatsApp users will get end-to-end encryption by default.”

Open Whisper Systems claims that TextSecure itself encrypts text and chat messages over the air to protect comms in transit, and also encrypts them locally so that they cannot be read if the device is lost.

What’s more, the firm said it uses “Perfect Forward Secrecy” technology which generates random public keys per session, so that even if one message were decrypted by an eavesdropper the rest could not be cracked.

It should be noted that Open Whisper Systems did not confirm whether its encryption for WhatsApp features these capabilities.
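The per-session key idea described above, as an added example that is not from Open Whisper Systems or this article: a simplified Node.js sketch in which every session uses fresh X25519 keys, so a key recovered from one session fails to decrypt another. It is not the TextSecure protocol; the function names and sample messages are constructed for illustration.

```javascript
// Added illustration of per-session ephemeral keys (forward secrecy).
// Simplified sketch, NOT the TextSecure protocol; all names are hypothetical.
const crypto = require('node:crypto');

// Each party generates a fresh X25519 key pair for every session.
function newEphemeral() {
  return crypto.generateKeyPairSync('x25519');
}

// Derive a 32-byte AES key from the ECDH shared secret with HKDF-SHA256.
function sessionKey(myPrivate, peerPublic) {
  const shared = crypto.diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(32), 'demo-session', 32));
}

function encrypt(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Returns the plaintext, or null when the key is wrong (GCM tag check fails).
function decrypt(key, { iv, ct, tag }) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
    d.setAuthTag(tag);
    return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// One session: both sides use fresh keys, agree on a key, send one message.
// In a real system the exchanged public keys must be authenticated, which is
// the gap that key verification closes; this sketch skips that step.
function runSession(text) {
  const alice = newEphemeral();
  const bob = newEphemeral();
  const kA = sessionKey(alice.privateKey, bob.publicKey);
  const kB = sessionKey(bob.privateKey, alice.publicKey);
  return { key: kA, keysMatch: kA.equals(kB), msg: encrypt(kA, text) };
}

const first = runSession('constructed message one');
const second = runSession('constructed message two');
console.log('session 1 key opens session 1:', decrypt(first.key, first.msg) !== null);
console.log('session 1 key opens session 2:', decrypt(first.key, second.msg) !== null);
```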

Although it’s a great step forward for privacy advocates, the feature will certainly not be welcomed by governments and law enforcers around the world.

In the US especially, officials from attorney general Eric Holder through to FBI boss James Comey have stepped up criticism of late against smartphone companies and platform providers offering strong encryption.

They argue that making what was once specialized identity-masking technology free for all will help more criminals – including terrorists and pedophiles – hide their activities.

GCHQ boss Robert Hannigan made a similar argument in a much-criticized opinion article earlier this month, claiming that we need “better arrangements for facilitating lawful investigation by security and law enforcement agencies than we have now.”

Jeremy Linden, senior security product manager at mobile security firm Lookout, told Infosecurity that most modern smartphones have the processing architecture to handle encryption with ease.

“With the state of technology today, no mobile app should be given a pass on deploying proper encryption due to resources,” he added.

“Just as internet websites evolved to protect against privacy based threats which exploited unencrypted mobile connections, it’s clear that mobile apps will need to go through a similar evolution in order to adequately protect their users.”
