For the millions of WhatsApp and iMessage users excitedly preparing to upgrade to the brilliant new iPhone 12, you’re about to see Apple school WhatsApp in how to get messages up and running on a new device without compromising security. This is a serious problem—a gaping vulnerability in the way WhatsApp works—and one that needs fixing.
Both WhatsApp and iMessage are end-to-end encrypted. Messages can only be read by senders and recipients—which should be your go-to standard for messaging. If you upgrade to a new iPhone 12, you’ll transfer your message accounts and histories to your new phone. But, in doing so, the security of those messages differs between iMessage and WhatsApp and that end-to-end encryption can be compromised.
The issue relates to Apple’s iCloud, and the very different ways in which WhatsApp and iMessage use iCloud day to day and, critically, to transfer across to a new device.
WhatsApp’s “chat backup” offers iCloud as its only option—and it advises this backup to be used to restore messages to a new iPhone. “Backup your chat history and media to iCloud,” it says, “so if you lose your iPhone or switch to a new one, your chat history is safe.” But that use of the word “safe” has a serious caveat.
Critically, “media and messages you back up,” WhatsApp admits, “are not protected by WhatsApp end-to-end encryption while in iCloud.” It’s not just you and those you message that can see content. You’ve given Apple a key. If law enforcement calls on Apple with a warrant, for example, your WhatsApp backups can be accessed. This security issue undermines WhatsApp’s end-to-end encryption.
Apple used to have the same issue with iMessage, that anomaly where end-to-end encryption was invalidated by cloud backups. And then it was fixed in 2017 with iOS 11. And that makes it much worse that we have yet another new iPhone release with this security vulnerability for WhatsApp users still in place.
Let’s put this more simply, WhatsApp’s recommended method to transfer your account to a new iPhone was rejected by Apple for its own iMessage three years ago, given the serious security and privacy concerns involved.
So, how did iMessage fix the problem? Unlike WhatsApp, iMessage offers multi-platform access. You can use the same iMessage account on your iPhone, iPad and Mac. Not only that, but Apple also offers the option to sync your full message history across all those linked devices. If you add a new device, you simply enable “Messages in iCloud” under your iCloud settings and all your messages will be uploaded.
“Messages in iCloud” maintains end-to-end encryption, “your data is protected with a key derived from information unique to your device, combined with your device passcode, which only you know” Apple explains. “No one else can access or read this data.” Apple does not have a key. There is a serious “but,” though. “If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages.”
If the encryption limitation with iCloud backups is little understood across Apple’s vast userbase, this innovative iMessage fix now in place is even less well understood.
You don’t need to back up WhatsApp to iCloud—but you risk losing your message history if you lose or change your phone. Similarly, you don’t need to enable Apple’s iCloud backups, storing an iMessage key. But, with iMessage, you would need to lose access to ALL your devices to lose your messages.
As ever more data can be synced using iCloud or other cloud services, the idea of having a unified backup in case you lose a device becomes much less critical. All of which hits home when upgrading to a new device, where the process is designed around iCloud’s syncing by default. But WhatsApp still uses backups.
All of this leaves WhatsApp in an uncomfortable spot. After all, the encryption fight between big tech and lawmakers revolves around the inability for investigators to break end-to-end encryption. Where the platforms cannot access your data, they cannot be compelled to do so by law enforcement agencies. Rely on cloud back-ups, though, and you’ve done the work of breaking end-to-end encryption for them.
“Some of your most personal moments are shared with WhatsApp,” the messaging platform says, “which is why we built end-to-end encryption into our app—your messages, photos, videos, voice messages, documents, and calls are secured from falling into the wrong hands.” WhatsApp’s parent Facebook has warned that such “wrong hands” include themselves, in the event of any “compromise of server and networking infrastructure.” Again, though, cloud back-ups invalidate that security.
There are options to address this, but they make the upgrade process complicated. You can back up your old device to a Mac or PC, and restore from there or you can also use iPhone’s offline device-to-device migration, introduced last year, and hope it restores WhatsApp. But this is not how WhatsApp advises you to transfer messages to a new phone, and if you disable WhatsApp’s iCloud backup, you run that risk of a lost or crippled device resulting in a lost message history.
WhatsApp reportedly now has both multiple linked devices—with full message histories on all devices—and end-to-end encrypted backups in the works. Either of those updates will fix this issue and provide a secure way to transfer WhatsApp to a new iPhone. But neither look likely to be in place in time for the millions set to receive new iPhone 12s in the coming few weeks.
Yet again with WhatsApp, its upstart rival Signal has taken a lead in launching secure features that WhatsApp is missing. Signal offers multiple device options, but unlike Apple it preserves the concept of a primary device and does not offer a cloud backup option. If you lose your phone, you will lose your message history. But you can transfer Signal messages from an old iPhone to a new one, securely, using its new direct device-to-device transfer, launched this year in time for iPhone 12.
For most of us, the risk that our end-to-end encrypted messages might be stored without end-to-end encryption in the cloud may be dismissed as less of a risk than losing a device. Signal’s refusal to offer even an encrypted offline backup option, along with its primary device architecture centered on your smartphone presents a lost device risk—and that will not work for many everyday uses.
But as iMessage has shown, there are ways to preserve security and resilience—we don’t need to make a hard choice between the two. The issue with iMessage, of course, is that its end-to-end encryption is limited to Apple’s ecosystem. For everything else it relies on SMS, which is a security nightmare. WhatsApp is perfectly placed to meet all the key requirements but needs to quickly address its backup/linked devices issues. At which point its main problem will be its Facebook ownership—a whole different story.
In the meantime, millions will follow WhatsApp’s advice and use iCloud chat backups to transfer message histories to new iPhone 12s. At least now you know the security and privacy implications of doing so.