Meta, WhatsApp’s parent company, announced a security update for the messaging app, which now extends end-to-end encryption to chat backups stored in the cloud. The new functionality, which will be gradually released to Android and iOS users, aims to protect the history of messages, media and documents against unauthorized access, even on Google Drive or iCloud servers.
This additional layer of protection uses access keys, known as passkeys, which are based on the device’s own biometric authentication methods, such as facial recognition or fingerprint. This eliminates the need for complex and vulnerable passwords, making the process safer and simpler for the end user.
The implementation represents a significant milestone in data privacy, as it resolves a long-standing security breach. Anteriormente, although messages in transit were protected, cloud backup files could theoretically be accessed by service providers or third parties who gained access to these accounts.
What changes in the protection of your data
Since 2016, WhatsApp has used end-to-end encryption to protect the more than 100 billion messages exchanged daily by its more than two billion users. Essa technology, based on the robust Signal protocol, ensures that only the sender and recipient can read the content of conversations, preventing intermediaries, including Meta itself, from accessing the information. Contudo, this protection did not extend to backups saved to Google Drive (for Android) or iCloud (for iOS). Essa loophole meant that if a user’s cloud account was breached, their entire chat history could be exposed. The new update fixes this vulnerability by applying the same asymmetric and symmetric encoding to backup files before they are sent to external servers. In practice, the data becomes an indecipherable block of information without the security key, which remains exclusively under the user’s control, reinforcing sovereignty over their own information and aligning the service with the strictest global privacy practices.
Understanding passkey technology
Passkeys represent the next generation in digital authentication, designed to completely replace traditional passwords. Instead of a combination of characters that can be stolen, forgotten or leaked, a passkey uses a pair of cryptographic keys. A public key is stored on the application server, while a private and secret key remains secure on the user’s device, protected by biometrics (fingerprint, facial recognition) or a PIN. Quando the user tries to access the backup, the device uses the private key to sign a challenge sent by the server, which verifies the signature with the public key. Esse process confirms the user’s identity without ever transmitting the secret, making phishing attacks and password leaks ineffective.
This approach is not exclusive to WhatsApp and is part of a broader movement in the technology industry, driven by standards established by consortia such as FIDO Alliance, which includes giants such as Google, Apple and Microsoft. The adoption of passkeys simplifies the user experience, as they no longer need to manage dozens of complex passwords, while also drastically increasing the level of security. By integrating this technology, WhatsApp not only protects backups but also educates its vast user base about a more modern and secure authentication method, which is likely to become the standard for all digital services in the coming years.
Guide to Enable Encrypted Backup
Enabling the new security layer on WhatsApp is a straightforward process and can be completed in a few minutes. Activation is done directly in the application settings, ensuring that the user has full control over the protection of their data. Siga steps correctly to ensure your chat history is completely safe.
First, open WhatsApp and access the “Settings” menu. On iOS devices, it’s in the bottom right corner, while on Android, it’s in the three-dot menu in the top right corner. Dentro from settings, tap the “Chats” option to access preferences related to your chats.
On the next screen, locate and select the “Chat backup” option. It is in this section that you will find the new functionality. Procure for “End-to-end encrypted backup” and tap to start the setup process. The app will provide detailed information about what encryption entails.
The system will then offer two options to protect your backup: create a unique password or use an automatically generated 64-digit encryption key. Integration with passkeys allows authentication to access the backup to be carried out using your cell phone’s biometrics, simplifying the process. Escolha your preferred method and follow the on-screen instructions to complete the activation.
The importance of the recovery key
By activating the encrypted backup, WhatsApp emphasizes that the responsibility for keeping the access key lies entirely with the user. If you choose to create a password and forget it, or if you lose the 64-digit key, access to the backup will be permanently lost. Não there is a recovery mechanism by the company.
This measure, although it may seem strict, is the essence of end-to-end security. Como herself does not have a copy of the key, she cannot decrypt the data, not even under a court order. Isso guarantees the highest level of privacy, but requires the user to adopt good storage practices for their key or password.
It is strongly recommended that the 64-digit key be written down in a secure physical location or saved in a reliable password manager, such as the one built into Google’s system or Apple’s iCloud Keychain. Evite store it in easily accessible locations or in unprotected digital formats, such as a plain text file on the device.
Advantages for users and companies
Implementing encryption in backups offers clear benefits for both ordinary users and business accounts using the platform. Para the individual user, the main advantage is the peace of mind of knowing that your digital memories, including family photos, videos and personal conversations, are protected against intrusions into your cloud accounts, which are frequent targets of cyber attacks.
For businesses using WhatsApp Business, improved security is even more critical. The platform is often used for communicating with customers, sharing sensitive information and commercial transactions. Proteger backing up these conversations is essential to maintain the confidentiality of customer data, comply with data protection regulations, such as LGPD, and strengthen trust in the brand.
Combating spam and other security measures
In parallel with strengthening encryption, Meta continues to develop other tools to maintain the integrity of the platform. One of these initiatives, currently in the testing phase, aims to limit the sending of mass messages by accounts that do not receive responses, a common tactic in spam campaigns. Essa functionality primarily targets high-volume accounts, especially business ones, and seeks to curb abuse without affecting legitimate personal interactions. Essa approach demonstrates a holistic commitment to security, combining robust technical defenses, such as encryption, with active policies to improve the quality of the user experience and combat malicious behavior on the platform.
