Apple’s iPhone has broken Facebook’s business model this year, stripping billions in ad revenue from the social media giant. Now it seems the iPhone can also break WhatsApp’s huge new security update, unless millions of you change your settings.
“No other messaging service provides this level of security for your messages,” WhatsApp proudly told me in September, as Mark Zuckerberg proclaimed WhatsApp the first global platform “to offer end-to-end encrypted messaging and backups.” Unfortunately, a fairly well-hidden setting on your iPhone might stop this working, putting all those private WhatsApp messages where Apple can read them.
WhatsApp’s messages have been secured by end-to-end encryption for years. The issue that Facebook fixed was the security wrapper around the messaging platform’s cloud backups, hosted courtesy of Google Cloud for Android and Apple iCloud for iOS.
Until now, WhatsApp’s cloud backups have been outside its encryption, meaning that Apple or Google can access your chats and media. Law enforcement requests on Apple for iCloud data could return WhatsApp backups along with everything else. But by adding encryption, WhatsApp stops anyone but you from accessing your backups.
I have warned about the dangers of unencrypted backups multiple times. “We figured you’d be excited about this one,” WhatsApp’s spokesperson said when they called to tell me that encrypted backups was ready and set for deployment. And now it’s here. The only problem is the way Apple sets up its iPhone could spoil the party.
The issue is the iCloud backup itself—the general iPhone backup that you can use to restore your settings, home screen, app installs and data that’s only on your phone. Your iCloud backup isn’t end-to-end encrypted, Apple holds the key to all that data.
Zuckerberg has attacked iMessage in the past for security weaknesses relating to this iCloud backup. “iMessage stores non-end-to-end encrypted backups of your messages by default unless you disable iCloud,” he has warned. “Apple and governments have the ability to access most people’s messages. So, when it comes…