WhatsApp just got a whole lot more secure for Android users. On Tuesday, secure messaging company Open WhisperSystems announced that it has helped add a strong encryption protocol to the WhatsApp Android app, which means that WhatsApp (or its parent company, Facebook) can no longer read your messages in transit.
Even better, for supported devices, encryption is on by default. While there are apps with similar levels of security, WhatsApp, by many measures the most popular messaging platform in the world, is by far the largest messaging system to adopt strong end-to-end encryption.
WhatsApp is using the TextSecure protocol, which is developed by Open WhisperSystems and is also used in its own standalone app, TextSecure (currently transitioning to the Signal brand, which it is already using in its iOS incarnation.) The idea behind end-to-end encryption is that WhatsApp won’t be able to decrypt messages sent on its network, even if requested by police or national security agencies.
Other messaging systems, like Apple iMessage or BlackBerry BBM, feature strong encryption. But in the case of iMessage, it’s possible for Apple to change encryption keys so it could be able to read messages in transit, and BlackBerry certainly has the power to peek at your messages. WhatsApp won’t — the TextSecure protocol is open source and audited, so you can be sure your messages can’t be read by anyone besides you or your recipient (barring an unforeseen vulnerability.)
WhatsApp is wildly popular in developing markets like India, which has compelled messaging providers like BBM in the past to give up their encryption keys.
There’s no word on when end-to-end encryption will become available for the iOS version of WhatsApp, and there’s no way to encrypt group chats and media messages (like photos), or to verify users’ keys yet. Open WhisperSystems said in its blog post: “WhatsApp runs on an incredible number of mobile platforms, so full deployment will be an incremental process as we add TextSecure protocol support into each WhatsApp client platform.”
Encryption can be very complicated and non-user-friendly — by building it into WhatsApp and turning it on by default, Facebook is making our world a little more private.