Cloud Hosting

Apples iPhone has broken Facebooks business model this year, stripping billions in ad revenue from the social media giant. Now it seems the iPhone can also break WhatsApps huge new security update, unless millions of you change your settings.

No other messaging service provides this level of security for your messages,WhatsApp proudly told me in September, as Mark Zuckerberg proclaimed WhatsApp the first global platform to offer end-to-end encrypted messaging and backups. Unfortunately, a fairly well-hidden setting on your iPhone might stop this working, putting all those private WhatsApp messages where Apple can read them.

Enable Encrypted Backups

WhatsApps messages have been secured by end-to-end encryption for years. The issue that Facebook fixed was the security wrapper around the messaging platforms cloud backups, hosted courtesy of Google Cloud for Android and Apple iCloud for iOS.

Until now, WhatsApps cloud backups have been outside its encryption, meaning that Apple or Google can access your chats and media. Law enforcement requests on Apple for iCloud data could return WhatsApp backups along with everything else. But by adding encryption, WhatsApp stops anyone but you from accessing your backups.

I have warned about the dangers of unencrypted backups multiple times. We figured youd be excited about this one, WhatsApps spokesperson said when they called to tell me that encrypted backups was ready and set for deployment. And now its here. The only problem is the way Apple sets up its iPhone could spoil the party.

The issue is the iCloud backup itselfthe general iPhone backup that you can use to restore your settings, home screen, app installs and data thats only on your phone. Your iCloud backup isn't end-to-end encrypted, Apple holds the key to all that data.

Zuckerberg has attacked iMessage in the past for security weaknesses relating to this iCloud backup. iMessage stores non-end-to-end encrypted backups of your messages by default unless you disable iCloud, he has warned. Apple and governments have the ability to access most people's messages. So, when it comes to what matters mostprotecting people's messages, I think that WhatsApp is clearly superior.

What iCloud actually stores in its backup is a copy of iMessages end-to-end encryption keysnot the messages. Zuckerberg got his facts muddled. The net effect is the same, though. Apple can retrieve the key and access messages. This renders iMessages rock solid encryption fairly pointless unless you disable that backup setting.

Ironically, that same issue has now hit WhatsApp. If you have an iPhone and dont change your iCloud backup options when you enable WhatsApps encrypted backups, the platform warns, an unencrypted version of your [WhatsApp] chat history is also backed up to iCloud. Which also renders WhatsApps encryption fairly pointless.

WhatsApps encrypted backup solution is technically clever, storing encryption keys on third-party servers protected by user-generated passwords, all outside WhatsApps (and Apples and Googles) reach, all of which is rendered useless if you dont delve into your iPhone settings. We recommend disabling iCloud backup when you set up end-to-end encrypted backup in WhatsApp, the platform says.

iCloud Backup Warning

Unlike iMessage, you dont need to disable iCloud backup completely, and so its much better. But you do need to enter your iCloud settings where the app-by-app toggles can be found, and disable WhatsApp in that list. Until you do that, iMessage and WhatsApp will have exactly the same iCloud compromise.

The iMessage/iCloud backup risk has never generated the headlines it warranted. But now every iPhone user enabling WhatsApps backup encryption will see the warning. What they need to realize is that theyre running this same risk with iMessage, without any toggle option. Hopefully this will force Apples hand to finally address the issue.

If youre an iMessage user, you can make it fully secure by disabling the general iCloud backup. iClouds general backup is less critical than it was in the past, given that so many of our apps and services sync continually to the cloud. If you want to secure your WhatsApp backup, so long as you have turned encrypted backups on, you can just toggle off WhatsApp within iCloud as you can see in the graphic below.

Secure backup settings

The idea of a general iCloud backup needs to be rethought. WhatsApp users shouldnt need to search that setting, iMessage needs a more secure setup. Apples security loopholes have been headline news this year, with Pegasus, client side scanning and various zero-days escaping patching. This issue is much easier to fix.

As I reported last week, Apple isnt always as much a bastion of your privacy as it makes out. Its refusal to RCS-enable iMessage, offering secure stock messaging between iOS and Android for the first time, is a good example of this. Thisironically againis helping WhatsApp maintain its market lead.

WhatsApp is the big winner when it comes to iMessage versus Google Messages. Its ridiculous that theres no stock messenger option that works securely across Android and iOS, that users need to opt for an over the top like WhatsApp or rely on SMS, a platform with pitiful security. Apple has chosen not to onboard the industry standard RCS, essentially SMS V2, because it would loosen the stickiness of iMessage. This is not in the interests of users, and it means that WhatsApp remains the better option.

As for this iCloud backup issue, although it appears to be an iCloud issue that WhatsApp cannot fix, in reality it could find a way to run backups without relying on iCloud and so prevent there being any risk. Signal has done exactly that, assuring that an iTunes or iCloud backup does not contain any of your Signal message history.

Meanwhile, make sure you enable WhatsApps encrypted backup option when it reaches your phone, dont lose your password, and go into those iCloud settings and toggle off WhatsApp. With all that done, Zuckerberg is right, WhatsApp leads the way for hyper-scale messaging platforms. His issue, though, is that WhatsApps privacy-preserving approach is moving ever further away from his other Facebook/Meta platforms. The case for its independence from Facebook has never been stronger.

Link:
Apple Can Secretly Read Your WhatsApp MessagesThis Is How To Stop It - Forbes