If you use WhatsApp (and you likely do), you probably started noticing messages like the following popping up in all your conversations starting yesterday:

WhatsApp encryption activation message: Messages you send to this chat and calls are now secured with end-to-end encryption. Tap for more info.

This is a good thing, especially after many users started becoming aware of the existence of the secret chat feature of WhatsApp rival app Telegram. At least, Telegram should be thanked for making more users think about their digital communications a little bit, if only for making them realize that, if you could turn on a chat encryption feature, perhaps by default your communications were not that secure.

Of course, WhatsApp now belongs to Facebook, not exactly a company that has the utmost interest in your privacy, but this is definitely a nice step towards making the average user feel more secure when they use the app. Is this enough though?

WhatsApp collaborated with Open Whisper Systems when implementing this feature. OWS’s credentials are definitely good if you are a privacy and anonymity fanatic, so it would appear things were good. Still, the fact remains that WhatsApp is not open source, so you cannot know how your private keys are handled.

If you want some technical details, WhatsApp has published a whitepaper titled WhatsApp Encryption Overview explaining their encryption process. Things look good on the surface, with each message being encrypted with a different key and the like, but the fact still remains: how is this actually implemented? How are keys handled? Where are they saved? Can they be somehow retrieved? Have independent security audits and pentests been carried out to check for vulnerabilities? Who tells me things won’t change in the future?

The PDF linked above states this:

At no time does the WhatsApp server have access to any of the client’s private keys.

Good stuff. But with the whole app being closed source, do you want to trust them?

Whatever your decision is, I’ll give WhatsApp kudos for enabling encryption by default and for implementing the whole transition to the new system in a completely frictionless way.