WhatsApp Messenger encryption and security issues
In January 2017, the media reported that outsiders can read WhatsApp correspondence, despite the use of WhatsApp end-to-end encryption. This method allows you to encrypt and decrypt messages immediately on your phone. The key used for encryption should be unique for each user.
Despite this episode, the popularity of the messenger has not decreased at all. It continues to be used by millions of people all over the planet. Many of them consider WhatsApp as a safe application with the appropriate security level.
As it’s known, even the most advanced data protection system cannot provide absolute security. Of course, the security of the correspondence is provided by WhatsApp encryption, but nevertheless, many things depend on the user’s behavior. If you follow the simple rules of cybersecurity, the threat of collision with intruders and leakage of personal data is reduced to a minimum.
How to secure WhatsApp use?
Let’s start with the privacy settings. You can open information about the time spent in the application, profile photo, information, status and geodata for all users of the messenger, for your contacts or hide them completely. Regardless of the settings you choose, try not to publish important information that can help attackers determine your location or habits in the status or in the profile photo.
In the application settings, the “Security” section, you can enable notifications about the change of the encryption WhatsApp key at the people from your contact list. Exactly this feature was mentioned at the very beginning of the article.
You can also enable two-step verification using a PIN code. Of course, do not tell anyone this code. In the “Request a Report” section, you can ask the application to send you a report on your account information and settings. In this case, it will not contain messages from the correspondence. The report is prepared in about 3 days.
In the application, you can use two more important functions:
- Changing the number. If the number changes, all account settings will be reset. “If you have changed both the phone and the number, first change your number on the old phone,” recommended in the settings description.
- Account deleting. When deleting, the following items will be deleted: account in the messenger, message history and automatic deletion from all WhatsApp groups.
The messenger encrypts all calls made through it and also notifies the user whether the encryption settings are used in the groups it is a member of.
Additional tips to secure your communication
WhatsApp has done a bit of noise by turning on terminal encryption for more than a billion of its users. The term “terminal” means that messages are encrypted before they leave your phone, and are decrypted only in the recipient’s phone. Thus, no one, not even the messenger itself, can read or listen to it. It is not surprising that this decision aroused the support of privacy advocates and law enforcement concerns (although life is not without irony: the development of the encryption WhatsApp technology used also US budget money).
Note that intercepting messages at the time of their transmission is just one of the ways to monitor your activity, and it is rather unlikely. Encryption itself is not much use unless you also follow the rules below.
You do not save messages in the phone
If you really want no one else to read your messages, delete them immediately after reading. If someone takes possession of your phone (steals, for example) and can unlock it, he will get access to everything that is stored in the memory. Some instant messengers, such as Telegram, have a “self-destruct” feature when activated, messages are automatically deleted after a specified period of time. There is no such feature in WhatsApp yet. (On the other hand, in Telegram, terminal encryption does not work by default, you need to turn it on especially.)
You do not save messages to the cloud
WhatsApp does not save your correspondence on their servers. But, for example, on the iPhone, you can save a backup copy of messages on iCloud( the Apple cloud service). As soon as information reaches the cloud, it can be intercepted by the government.
Hopefully, it’s not necessary to say separately that taking screenshots of messages you deleted also puts you at risk if photo backup is on or you lose your phone.
No one is watching your screen
If someone can see the screen of your phone with the correspondence, then it is pointless to encrypt it. Moreover, given the rapid spread of telephones with powerful cameras, the only way to fully protect yourself from this is to leave all possible lines of sight and exclude any nearby reflective surfaces, including glasses, and perhaps even the eyes themselves. So, perhaps, it is best to keep correspondence in a room without windows, leaning back against the wall.
The person you are talking to takes the same precautions
This is logical, isn’t it?