After television news channels started leaking selective chats belonging allegedly to actor Rhea Chakraborty, many users aren’t sure if their messages are indeed end-to-end encrypted or whether they are secure.
WhatsApp messaging service has once again come under a cloud of questions regarding its security features.
Let take a look at both the questions separately.
HOW ARE NEWS CHANNELS GETTING WHATSAPP MESSAGES?
Most likely, leaked chats or retrieved chats by central agencies may have been leaked to some sections of the media. One can be assured that no television network has managed to break into encrypted WhatsApp chats and intercepted them.
IS WHATSAPP END-TO-END ENCRYPTED?
Yes. WhatsApp is indeed an end-to-end encrypted messaging platform. This means that the chat is encrypted even when it is moving from one device to another and can only be read in decrypted plain-text by the sender and receiver of the message.
However, the encryption is only on the WhatsApp app. It does not extend to the back-up files of the chats that are saved in a folder on the device or on the cloud devices. Moreover, screenshots of chats are saved in the phone’s gallery. These are all outside of the encrypted WhatsApp platform.
WhatsApp’s end-to-end encryption uses the Signal Protocol, designed by Open Whisper Systems. This end-to-end encryption protocol is designed to prevent third parties and WhatsApp from having plaintext access to messages or calls.
“It’s important to remember that people sign up on WhatsApp using only a phone number, and WhatsApp doesn’t have access to your message content,” the statement added.
DOES THAT MEAN ALL MY CHATS ARE SECURE?
An important distinction needs to be made here. The WhatsApp platform is end-to-end encrypted meaning no third party actor can intercept the message or decrypt it. Only the sender and receiver can see the plaintext of the messages, videos and images.
Agencies can then create what is called a ‘mirror image’ of your phone, and copy and then transfer all the data onto the separate device.
Agencies can, with the help of forensic experts, “retrieve all kinds of data like phone call records, messages, images, WhatsApp chats, as well as the data on your phone’s cloud service, like Google Drive or iCloud, including anything that has been deleted.”
The backup stored on the device or on cloud is not under WhatsApp’s end-to-end protection. One must ensure one’s device and/or cloud has a strong password or pin protection.
1. Never take screenshots of chats2.Backing up chats can put users to risk- “iPhone users can switch off bothchat backup options on their phone – WhatsApp and iCloud. In Android phones, chat backups are created automatically in the device’s storage, which can’t be turned off.
To access your chats, investigation agencies either ask for your password and access the data, or opt for digital forensics and clone your phone’s data on another device. But are these chats admissible in the court?
“Yes, but only as secondary evidence. It becomes primary evidence only when the contents of a mobile phone are produced along with the device itself. When placing digital evidence in court, the investigation agency has to produce certificate under 65 (B) of the IT Act, which explains that data is obtained from which device and that it hasn’t been tampered with.”When a phone is physically damaged or non-functional, then chats generated by the device are not considered as primary evidence.