Apple iMessage Widely Beaten By Radical New WhatsApp Update For iPhone
WhatsApp has suddenly launched another major strike at iMessage, as the battle between Facebook and Apple continues. This latest WhatsApp update is a serious issue for iMessage as it tackles Apple’s biggest platform weakness. If you are an iMessage user, WhatsApp just gave you a reason to switch.
“No other messaging service on our scale offers this level of security for your messages, from sending and transit to receiving and storing in the cloud,” WhatsApp told me, ahead of the announcement confirming that ‘it would finally allow encrypted cloud backups on iOS and Android “in the coming weeks”.
I’ve commented on several occasions before about WhatsApp’s annoying lack of encrypted backups, seriously weakening its security. “We thought you’d be excited about this one,” the company spokesperson told me. And they are right.
This was an announcement important enough to be confirmed by Facebook CEO Mark Zuckerberg himself, the extension of WhatsApp’s end-to-end encryption to iCloud and Google backups means neither Apple nor Google (nor Facebook itself ) will not be able to access your cloud content, even when approached by law enforcement.
“WhatsApp is the first global messaging service on this scale to offer end-to-end encrypted messaging and backups,” Zuckerberg said on Facebook, “and getting there was a very difficult technical challenge that required a whole new framework for the key storage and cloud storage on all operating systems.
WhatsApp has always warned users that “the media and messages you back up are not protected by WhatsApp’s end-to-end encryption in the cloud.” WhatsApp has never had access to these backups: they are controlled and secured by the relative cloud platform, especially iCloud or Google Cloud. Well, not anymore.
This level of security is possible on iMessage, but only if you change the default settings on your iPhone and other Apple devices. To fully encrypt iMessage backups, you must turn off iCloud General Backups, otherwise Apple stores a copy of your encryption key, which it can access if needed or requested.
“IMessage users may mistakenly believe their communication is private,” warned ESET’s Jake Moore, “but with access granted from a simple backup created, it somehow compromises its success in protection.”
As Apple says, “Apple retains the [iCloud] encryption keys in its US data centers. ICloud content, as it exists in the customer’s account, may be provided in response to a search warrant issued upon presentation of probable cause or the customer’s consent.
The way to make sure that Apple cannot read your messages, that your content is backed up and fully encrypted, you need to make sure that both messages in iCloud are activated that this iCloud backup is disabled. This way, “a new key is generated on your device to protect future messages and is not stored by Apple”.
It was this iMessage weakness that Zuckerberg was referring to in January, when he said that “iMessage stores end-to-end encrypted backups of your messages by default, unless you turn iCloud off.” This gives Apple and governments the ability to access most people’s messages. So when it comes to what matters most – protecting people’s messages, I think WhatsApp is clearly superior.
In reality, that hasn’t been the case until now – WhatsApp had its own equivalent issues, without Apple’s option to correct the situation. But that has changed. You just need to turn on the activation function when it reaches your device and remember the encryption password, WhatsApp cannot recover it. This is the goal of end-to-end encryption.
IMessage security only works within Apple’s ecosystem, which is why this update is so important. iMessage is no longer the most secure large-scale messaging platform for Apple users. A fully encrypted, backed up, multi-device and secure messenger that works on iOS and Android is about to be available for the very first time.
The technical challenge for WhatsApp is that it doesn’t have the cloud service, so it needs a way for you to recover and restore a backup after losing a device. This is done by selecting a password that protects an encryption key that is stored on third party servers. If you lose your device, you use your password to recover your key.
The third party can’t access the encryption key without your password — WhatsApp doesn’t have access to any of these. After a number of unsuccessful access attempts, the encryption key is destroyed. If you want to make this even more secure, you can create your own 64-digit encryption key and keep it yourself, without storing anything beyond your control.
Either way, if you lose your password or key, you lose your backup. You should also deselect options to backup WhatsApp using Apple or Google backup process.
The battle between iMessage and WhatsApp has come to illustrate the war between Apple and Facebook, adding spice to this latest news. “We see Apple as one of our biggest competitors,” Zuckerberg said. iMessage is a key part of their ecosystem, which is why iMessage is the most widely used messaging service in the United States.
The timing for WhatsApp couldn’t be better. The platform has always had two major weaknesses on which Apple provided the best alternative. Multi-device access and encrypted backups, despite needing to adjust your iCloud settings.
WhatsApp already has multi-device access in the public beta, now this encryption news comes full circle for the world’s most popular messenger. And, WhatsApp has this advantage over iMessage in that it works across multiple platforms without reverting to SMS. Unless and until Apple embraces RCS, this will remain the platform’s ultimate advantage over iMessage and newly encrypted Google messages.
There’s another feature that WhatsApp introduced this year at Apple’s expense: messaging and media disappearance. As I said before, this is a great defense against occasional posts or photos and videos that resurface years later to cause damage.
WhatsApp now offers both ephemeral messages and a “view once” multimedia option, both of which are great additions. In contrast, iMessage may only offer a storage cleaning option to reduce clutter on your device, but that won’t remove content on other users’ devices, which is the whole point of ephemeral messaging.
I’m a big fan of the transparency and technical details that WhatsApp provides here, which also contrasts with Apple’s more “black box” approach; very few users, for example, realize that their encrypted iMessages are likely accessible in iCloud.
Security experts have always pointed out the lack of encrypted backups as a weakness of WhatsApp, and so it is a game-changer. WhatsApp remains recommended for most users, via Google Messages, iMessage, Telegram, Facebook Messenger and (especially) SMS. While I also recommend users to run Signal in parallel which is even more secure, go for the one where your contacts have it on their devices.