So, you’ve been using WhatsApp and are expecting all your messages to have true end-to-end encryption to keep your communications secure and private. Naturally, you’ve read the marketing that WhatsApp provides end-to-end encryption, but does it really?
Is WhatsApp Secure?
Is there a way that your messages can be accessed for review of the content, including text, images and videos?
The scary answer is, yes, they can! But it wouldn’t be in ways that can genuinely be described as breaching the encryption, but more in the functionality of the messaging and storage.
Your private message can be sent to WhatsApp for review. Yes, WhatsApp (Facebook, Meta) staff can see your private, end-to-end encrypted message.
What is the meaning of true end-to-end encryption?
To achieve true end-to-end encryption, your message’s content must be protected while it is not on either your device or the device of the recipient. The end-to-end encryption will also need to protect the message’s content whilst it is in transit, e.g., from “end to end,”. In addition, it also needs to provide encrypted protection for content that is backed-up off your device.
True end-to-end encryption ensures that all data that is communicated between you and your message recipient remains encrypted. It must maintain encryption at every point, so that only you and those recipients who hold the decryption keys can view the message. It is important to highlight that the platform that you are using to communicate cannot have versions of the same keys or be able to decrypt and re-encrypt whilst the data is in mid-transit or at rest. If these elements are possible, it means that the encryption is not truly “end-to-end.”
A major factor that dramatically reduces the privacy and security of WhatsApp messages is the fact they can be forwarded on to a 3rd party, unknown to the original sender.
This unencrypted message can then be reviewed in detail by the new recipient(s). The systems on which these messages are sent are also not designed for the originator to be able to retain control of their message once it has left their device. It will be down to the message originator trusting their intended recipient to act appropriately and not send the message on to anyone else.
Should the message be forwarded on to someone other than the intended recipient, there is a major risk that it can be sent on further to multiple others, devastating the original privacy.
This trust, unfortunately, cannot be always guaranteed and therefore there will always be the risk that messages can find their way into the wrong hands.
Essentially, in WhatsApp, the first and intended end point is a weakness. This could be a major issue for businesses, journalists or even private individuals conducting sensitive communications that have the need to retain control over their valued and private information.
This is where PRIVY Chat is fundamentally different to the processes used by WhatsApp. The PRIVY Chat, exclusively available to Blackphone PRIVY 2.0 users, uses military grade encryption protocols that can only be read by the message originator and the intended recipient.
The message is not backed up on any third-party server and encryption keys are retained on only the two devices and nowhere else.
PRIVY Chat features include:
- Peer-to-peer chat
- Secure group-chat
- Peer-to-peer VoIP calls
- PGP Chat
- Fully encrypted file storage
This is only the first part of the process. In order for the message originator to retain full control of their communication once it has left their device, PRIVY Chat is able to reverse burn the message on the recipient’s device, meaning the control of the message and its content is retained by the sender. It can even be set to auto-burn after a set period of time.
For example, these features are particularly effective when businesses are negotiating contracts or R&D details that need significant levels of security and privacy, and also journalists needing to protect their sources.
Further to these features, the additional smartphone security features for the Blackphone PRIVY 2.0 include:
- Zero-attack surface
- Triple password protection
- Verified boot
The Blackphone PRIVY 2.0 has been developed to support businesses to maintain their secure mobile communications. All sensitive information and file transfers are made safe from third party servers, which are always at risk of being hacked or the data itself is retained without any encryption.
The Blackphone PRIVY 2.0 delivers everything needed from a smartphone: security, functionality, and privacy.
Read more about the Blackphone PRIVY 2.0 or call our Sales Team on +44 (0)871 666 9 666.