The surfacing of private WhatsApp exchanges between Bollywood actors amid the investigation into the death of actor Sushant Singh Rajput has raised questions about the platform’s security, and whether the app indeed protects user privacy. Mint takes a deep dive.
What does end-to-end encryption mean?
When texts are sent from your phone, there are three points of contact: your phone, WhatsApp’s servers and the receiver’s phone. Without end-to-end encryption, so-called Man In The Middle (MITM) attacks are possible between WhatsApp’s server and the receiver. Besides, WhatsApp and its parent Facebook could technically access texts while they’re on the server. In end-to-end encryption, the transmitted text is encrypted all the time, ensuring that only the sender and receiver can read it in plain text. This reduces chances of MITM attacks or leaks at the service provider. Even if a person does intercept the text, they’ll get only unreadable encrypted text.
Do all exchanges via WhatsApp remain private?
While end-to-end encryption is a powerful protection measure, it doesn’t guard against physical access to one’s messages. Your phone’s lock code encrypts all data inside it, and whenever the correct code is entered, data is available in plain text. You could set up the lock code to be entered a second time before WhatsApp is opened, but that doesn’t help much. Messaging application Signal allows users to set up a separate Signal PIN, though if you’re forced to hand over your phone to the authorities—like in the case with Bollywood actors currently—you’ll probably have to disclose your PIN too.
Are there safer alternatives to WhatsApp currently?
Signal and Telegram are popular. Besides, since they aren’t as big as WhatsApp, there may be less effort, especially by governments, to compromise their systems. Signal has more security features and an endorsement from whistleblower Edward Snowden, which is why users opt for it. But even Signal can’t do much to protect against physical access to a phone.
Does WhatsApp have built-in backdoors?
WhatsApp uses the open-source Signal protocol for encryption, which is a sort of defence against backdoors. Theoretically, since the encryption code is open source, experts can spot backdoors. The government may say backdoors won’t be open to the public, but an existing backdoor can be found by attackers and security experts. That said, WhatsApp’s overall code is closed source, so you can’t be sure how the Signal protocol is implemented, and with what modifications. Your only option, in that case, is to trust WhatsApp.
How much can one trust Facebook?
WhatsApp was long the icon of openness. Many experts still say WhatsApp has done a lot to ensure no backdoors can be mandated by governments, but many have trouble trusting Facebook, given its track record on user privacy. The company has vested interests with all big governments, so the argument goes, why would Facebook side with users instead of authorities? The point that Facebook needs users is thin too, since the company gets a big part of its data from being able to track users outside its platforms.