WhatsApp on Friday denied reports that suggested there was a security backdoor to the messaging service’s end-to-end encryption protocol. A report published in The Guardian on Friday alleged that it was possible for Facebook and other applications to intercept and read entire conversations on the app.
“An intentional design decision in WhatsApp that prevents people from losing millions of messages is a backdoor allowing governments to force WhatsApp to decrypt message streams,” The Guardian report had said. However, a WhatsApp spokesperson denied the claim as false. “WhatsApp does not give governments a backdoor into its systems and would fight any government request to create a backdoor. It offers people notifications to alert them to potential security risks,” the spokesperson said.
The messaging service further highlighted the technical white paper it has published on its encryption design, in which the Facebook-owned company says it has been “transparent about the government requests it receives”. It has published data on such requests in the Facebook Government Requests Report.
WhatsApp’s end-to-end encryption is based on technology that scrambles messages in a way that requires keys to unscramble them. These keys are shared only between the phones sending messages, and even WhatsApp does not have access to them. However, new research published in The Guardian suggests that while users are offline, WhatsApp has the power to change these keys, making them much less secure.
Cryptography and security researcher Tobias Boelter, who found this alleged security flaw, said the company could use this backdoor to access entire conversations. The Facebook-owned messaging service rolled out end-to-end encryption across all devices in April 2016.