WhatsApp has switched on end-to-end encryption across all of its platforms. More than one billion monthly active users will now have all their messages, photos, videos and phone calls encrypted end-to-end.
The encryption applies to all devices operating on iOS, Android, Windows Phone, some Nokia and Blackberry devices and as a result messages can only be deciphered by the intended recipient. As a result WhatsApp won’t be able to facilitate a wiretap of the contents of users’ messages, even if faced with a subpoena. It’s unclear if the company will be able to help authorities intercept data on when they use WhatsApp or with whom they communicate.
“Over the past year, we’ve been progressively rolling out Signal Protocol support for all WhatsApp communication across all WhatsApp clients. This includes chats, group chats, attachments, voice notes, and voice calls across Android, iPhone, Windows Phone, Nokia S40, Nokia S60, Blackberry, and BB10.”
– Moxie Marlinspike, Open Whisper Systems
Before all users have updated to the latest version of the software for their platform, there will still be some plaintext on the network. To make this transition as clear as possible, WhatsApp clients notify users when their chats become end to end encrypted. Starting today, users will see a notice in their conversation screen as their individual and group chats become end to end encrypted. Additionally, the encryption status of any chat is visible under that chat’s preferences screen.
By default, WhatsApp users have the option to verify the authenticity of their encrypted session. This can be done by either scanning a QR code or by reading a string aloud. An updated Signal Protocol supports a fully numeric fingerprint format, which is called “security codes” in WhatsApp. A fully numeric fingerprint format has a few advantages:
- They’re easy to localize. WhatsApp has a billion active users across the globe, so using a wordlist in a single language is not an option, and trying to localize wordlists to make cross-language comparisons possible is very error prone. Likewise, hexadecimal representations are not compatible with all alphabets. However, all languages WhatsApp supports have a consistent concept of base 10 digits that security codes can be seamlessly localized to.
- They’re visually and audibly distinct. Numeric representations in all languages have a lot of evolution behind them which has pushed them towards visual and audible distinguishability.
- They’re still relatively compact. Users compare 12 groups of 5 digits with each other.
