WhatsApp is reportedly working to increase the security of its cloud backups with a new password protection feature that’ll encrypt chat backups, making them accessible only to the user. WABetaInfo reported on the work-in-progress feature last year, and today it shared screenshots of how it could be presented in the service’s iOS and Android apps.
“To prevent unauthorized access to your iCloud Drive backup, you can set a password that will be used to encrypt future backups,” one of the screenshots reads. “This password will be required when you restore from the backup.” The app then asks the user to confirm their phone number, and select a password that’s at least eight characters long. Another screenshot warns that “WhatsApp will not be able to help recover forgotten passwords.”
• The chat database is already encrypted now (excluding media), but the algorithm is reversible and it’s not end-to-end encrypted.
• Local Android backups will be compatible with this feature.
The chat DB and media will be encrypted using a password that only you know. https://t.co/WAliLUnF18
— WABetaInfo (@WABetaInfo) March 8, 2021
Although WhatsApp chats are end-to-end encrypted, meaning they’re only visible to the sender and recipient, the service warns that this protection doesn’t extend to online backups stored on Google Drive and iCloud. Once on these servers, the security of the backups is the responsibility of the cloud service providers, who in the past have made them accessible to law enforcement authorities with valid search warrants. Encrypting the backups with a password only you know would theoretically prevent anyone from accessing your chat history without your authorization.
WhatsApp declined to comment on the unannounced feature when contacted by The Verge, but WABetaInfo has a good track record of unearthing features before they become official. It’s spotted features like adding contacts via QR codes or disappearing messages long before their official announcements.