Skip to main content

WhatsApp rolls out end-to-end encryption using TextSecure code

WhatsApp rolls out end-to-end encryption using TextSecure code

Share this story

The most recent update to WhatsApp's Android app includes a surprising feature: strong end-to-end encryption, enabled by default. It's the strongest security any major texting app has offered, even compared with similar tools from giants like Google, Microsoft, and Apple. WhatsApp partnered with Open Whisper Systems for the launch, using open source code to build in the new features. It's unclear when the features will come to iOS, but just reaching WhatsApp's Android users represents a huge step forward for everyday encryption use.

WhatsApp is by far the largest platform to adopt the system

"End-to-end" means that, unlike messages encrypted by Gmail or Facebook Chat, WhatsApp won't be able to decrypt the messages itself, even if the company is compelled by law enforcement. The company will set up the key exchange between users, but only the two users will have access to the conversation itself. There are other end-to-end encryption apps on the market — most notably Cryptocat, Silent Text and Telegram — but with over 600 million users across the world, WhatsApp is by far the largest platform to adopt the system.

Open Whisper Systems is best known as the developer of the Signal, Redphone, and TextSecure apps. WhatsApp looked to TextSecure in particular, which keeps messages encrypted even if an attacker cracks the key at some point in the future, a feature known as forward secrecy. TextSecure has also published its source code and withstood numerous public code audits, earning the app a lot of credibility in security circles. Open Whisper has said the team will continue improving its in-house apps, but the company also expects to take on more integrations like this one in the future.

Still, it took a lot of work to get TextSecure's protocols ready for WhatsApps hundreds of millions of users. Open Whisper CTO Moxie Marlinspike says it took six months to get the code ready for such a large deployment, beginning shortly after WhatsApp was acquired by Facebook. "Most of our efforts have been focused on making our code easier to consume," Marlinspike told The Verge. "I've been really impressed with the dedication and commitment WhatsApp has to the project."