WhatsApp – What’s It All About ?

In this article we take a closer look at the World’s most popular messaging application, WhatsApp. We look at some of it’s features, how it’s unique encryption system works, and discuss some of it’s advantages and disadvantages. Please share this article widely.

So What Is It ?

With in excess of 800 million users worldwide, WhatsApp is a cross platform mobile app which allows the secure exchange of messages. With over 30 billion WhatsApp messages sent every day, it is far more popular than the older, traditional form of SMS messaging.

How is it Different from SMS ?

SMS is carrier based texting, sending messages using your phone’s carrier network. WhatsApp uses your wifi connection and thus doesn’t use your phone network. Messaging apps like WhatsApp are cheaper than SMS, have more features, run on multiple platforms and WhatsApp is ad free.

? Does Anyone Still Even Use SMS ?

The SMS facility is almost 25 years old and was introduced onto mobile phones as an afterthought and never designed to be secure. Sending SMS messages is widely considered to be one of the least secure things you can do on a mobile phone. SMS usage peaked in 2011 but has been in sharp decline ever since.

Security: One of the big attractions of WhatsApp

On March 17, 2014, shortly after their acquisition by Facebook, stirrings on social media from WhatsApp users concerned that their privacy was about to be railroaded caused WhatsApp to post this on their blog: “We built WhatsApp around the goal of knowing as little about you as possible: You don’t have to give us your name and we don’t ask for your email address. We don’t know your birthday. We don’t know your home address. We don’t know where you work. We don’t know your likes, what you search for on the internet or collect your GPS location. None of that data has ever been collected and stored by WhatsApp, and we really have no plans to change that.

To protect the security of it’s 800 million users, WhatsApp messages are encrypted. This encryption is based on a system known as TextSecure – which uses a cryptographic key that’s unique to an individual device. Wired claims the TextSecure system is “practically uncrackable“ (see the article at http://www.wired.com/2014/11/whatsapp-encrypted-messaging/), and the Wall Street Journal states that “the encryption is so robust that even the law enforcement won’t be able to decrypt WhatsApp messages“.

How Does WhatsApp Encryption Work?

Instead of storing the keys for unscrambling the encryption on a centralised server that’s owned and operated by the WhatsApp developers, end-to-end encryption works by instead only storing the keys on a user’s device. When combined with TextSecure, which uses a protocol called “forward secrecy” to issue a fresh key for every new message.

The WhatsApp service now differs significantly from similar instant messaging apps and social networks, who mostly still store the keys on their own servers as well as a person’s device. This means companies and governments can access the contents of these messages and data on demand, as well making it easier for hackers to gain access to private and personal information.

In fact, the move by WhatsApp is part of a larger movement towards increased privacy by leading tech firms, though not everyone is happy. When Apple and Google both expanded their encryption services in the run up to the WhatsApp announcement, FBI Director James Comey criticised the move, claiming that “the post-Snowden pendulum has [now] swung too far“.

WhatsApp claims it does not store any messages — including photos — on its servers. It only does so until your message is sent to the receiving phone. If the recipient of the message doesn’t receive the message after 30 days, the message will get deleted.

Take Care Though!

  • Be careful when using unsecured WiFi – Hacks do happen. Hackers who want to pry on your information and steal your photos can and will find ways, and they mostly do so when you’re using insecure networks, like airport Wi-Fi. Similarly only use networks that you trust.
  • Don’t use jailbroken iphones or rooted Android phones as these aren’t as secure.
  • Data recovery companies such as Data Clinic are usually able to successfully recover WhatsApp text messages from phones, even if those messages have been previously deleted. This is because messages stored on the phone can be read as plain text on that phone, so once the phone is unlocked the messages can be read. Deleted messages that have subsequently been overwritten can not be recovered.

Links & Footnotes

Here’s a WSJ article about Moxie Marlinspike, the writer of Textsecure and more recently, Signal: http://www.wsj.com/articles/moxie-marlinspike-the-coder-who-encrypted-your-texts-1436486274

Finally, this article is intended to be a basic informative introduction to the WhatsApp messaging service and should be treated as such.