WhatsApp warns that Google Drive backups are not encrypted
Facebook-owned WhatsApp has recently announced that, starting on November 12, 2018, Android users will be able to store their WhatsApp backups on Google Drive without the backup being counted toward Google Drive’s storage quota.
But, the company warns, those backups won’t be encrypted. That means that the chats, photos and videos sent via the app and backed up on Google Drive are accessible to Google, but also to hackers that manage to compromise users’ Google Drive account.
According to the new agreement, WhatsApp backups that haven’t been updated in more than one year will also be automatically removed from Google Drive storage.
Explicit confirmation
WhatsApp has long allowed people to store their messages in Google Drive, but they counted towards users’ Google Drive storage limit.
Users who take advantage of the option have to have a Google account activated on their phone and Google Play services installed on it.
“You can back up your chats and media to Google Drive, so if you change Android phones or get a new one, your chats and media are transferrable,” the company explains in its FAQ document.
The fact that these backups are not encrypted was not unknown, but WhatsApp thought it wise to add the confirmation – “Media and messages you back up aren’t protected by WhatsApp end-to-end encryption while in Google Drive.” – to the FAQ and to explicitly point it out as important.
To protect their backups on Google Drive, users are advised to set up a strong (long, complex and unique) password for the account and to take advantage of the two-factor authentication option provided by Google.
WhatsApp implemented message encryption in August 2012 and it had its faults.
In 2016, with the help of Open Whisper Systems, the company integrated the open source, forward secure Signal Protocol for asynchronous messaging systems into the app, and turned end-to-end encryption on by default. Still, flaws in the implementation are occasionally discovered.