Are all WhatsApp messages logged?
No. There have been many investigations of WhatsApp’s security model and so far there are no indications that this is possible.
Can I just recreate someone’s key to read their messages?
No. There have been poorly worded articles hinting that there is a security flaw in WhatsApp that allows attackers to read messages. While it is possible to trigger the key recreation, this would require access to the WhatsApp servers. Even with access to the servers, this would only allow the attacker to decrypt future messages, not messages that have been sent before the attack. Additionally, it is possible to enable notifications about security changes in WhatsApp. That means each time a user’s key is regenerated, the notification “User’s security code changed. Tap for more info.” is displayed. As many users have already enabled these notifications, it is impossible to execute the attack on a global scale.
Is my privacy protected when using WhatsApp?
No. Although all message contents are encrypted, the metadata is stored on WhatsApp’s servers. That means for each message, the date, time, sender and recipients are stored, including the phone number. This allows people with access to WhatsApp’s servers or law enforcement agencies to determine which WhatsApp users communicated with each other. However, the messages itself are encrypted, so it is not possible to see what was communicated.
Is Signal more secure than WhatsApp?
No. Both apps use the same encryption protocol and the overall technical differences are very small. Regarding the section “Can I use WhatsApp when the government is after me?”, all these statements apply equally to Signal.
However, in contrast to WhatsApp, Signal does not store metadata for each message, making it practically impossible to determine which Signal users communicate with each other.
Is Threema more secure than WhatsApp?
No. Threema uses a different encryption protocol, which claims to offer the same properties as the Signal Protocol used by WhatsApp. Regarding the section “Can I use WhatsApp when the government is after me?”, all these statements apply equally to Threema.
However, in contrast to WhatsApp, Threema does not store metadata for each message, making it practically impossible to determine which Threema users communicate with each other.
Are WhatsApp groups secure?
Yes. Despite poorly worded articles saying otherwise, WhatsApp group chats are as secure as individual chats. With access to the WhatsApp servers, it is possible to add users to a group without any of the group administrator’s approval. However, these new users would not be able to read past messages exchanged in the group and all other users in the group would still receive the notification that a new user has joined the group.
Are WhatsApp calls secure?
Yes. WhatsApp voice and video calls are end-to-end encrypted and the content cannot be accessed by someone other than the call participants. However, in comparison to text messages, voice and video chats are easier to intercept through other channels (for example a hidden camera or microphone in the room). There has been a bug through which attackers could compromise a phone by issuing a malicious video call, but the bug has been fixed before the issue was publicly known.
Can Facebook read my WhatsApp messages?
No. Even though some articles use misleading titles to say it’s theoretically possible, the same statements in the section “Can I use WhatsApp when the government is after me?” apply to Facebook, in particular items 5 and 6.
On iOS devices, there is an additional attack surface, because the Facebook and Facebook Messenger apps use the same group container, making it possible to exchange messages between Facebook and WhatsApp (“group.com.facebook.family”). To use this to extract messages from WhatsApp, an attacker would need to modify the Facebook app and WhatsApp. However, if the attacker were already able to modify WhatsApp, there would be no need to use this method, as he could just as easily insert a backdoor directly in WhatsApp, without needing access to any of Facebook’s apps. As described in “Can I use WhatsApp when the government is after me?”, this attack would require considerable resources and determination with high probability of being detected.
Are some WhatsApp messages logged?
Yes. It is highly likely that the NSA and other organizations are storing the encrypted messages. They do not have access to the plain text of the messages, but are storing them nonetheless, in the hopes that they will be able to decrypt them in the future. However, all cryptographic analyses that have been done so far indicate that this will not be possible in the next few decades.
Can I use WhatsApp when the government is after me?
Probably. There are several ways in which a message can be accessed by someone other than the intended recipient. However, any attacks against WhatsApp communications would require a very determined attacker with access to a lot of resources. While an attack against single individuals might be possible, executing it against all WhatsApp users would make it extremely likely that the attack will be discovered, rendering it useless for future uses. The following conditions would need to hold for the communication to be secure:
- The Signal Protocol must be secure. As the protocol has received a positive security analysis and has been around for some time, it is unlikely that an issue will be found with the protocol itself.
- The implementation of the protocol must be correct. This is not easy to prove, but the protocol implementation is available on GitHub and so far there are no reports of major security issues. At this point it is unlikely that a major issue will be found with this implementation.
- WhatsApp must use this implementation of the protocol. This is difficult to verify, as with each new version, the binary package (APK file) would need to be checked again. However, it is likely that there are individuals and organizations that keep a close look on any changes in the WhatsApp binary packages. It is very unlikely that a version containing a security issue will be globally distributed without anyone noticing.
- The app on your phone must be the officially distributed app. This is quite easy to verify, but actually very impractical, as you would need to manually download the APK file and verify the signing certificate instead of simply installing WhatsApp via Google Play or App Store.
An attacker might also be able to replace the installed app while having physical access to your device, so you would need to verify the app each time you use it. As both Google Play and App Store use strong cryptography when distributing apps, it is extremely unlikely for an attacker to install modified app versions without physical access to the target device. To date, there are no reports of Google or Apple being ordered to distribute modified app versions. - There must not be any backdoors in the WhatsApp code. This is very similar to item 3, but it is much harder to check, as the backdoor can be hidden in any of WhatsApp’s code: in addition to the Signal Protocol implementation, the UI code, audio call, video call and all other code would need to be checked. However, to date there are no public reports of any backdoors in WhatsApp (even though some articles use very misleading titles) and it is likely that widely distributed backdoors will be discovered quickly.
- There must not be any backdoors on your device. This is next to impossible to check as backdoors usually try to be as hard to detect as possible. A very determined attacker could use a security flaw in Android or iOS to gain full device access (“root”) and then extract WhatsApp’s keys from memory or access the messages directly. However, depending on the attack scenario, this would take considerable resources and is unlikely to be executed by anyone other than nation-state actors. Additionally, there is a possibility that the attack gets publicly known once it has been used, which means it is not in the interest of the attacker to use this attack on a broad scale.
- There must not be any side channel attacks. The recently discovered speculative execution issues (“Spectre”, “Meltdown”) might make it possible for other apps to access WhatsApp’s memory, something that is usually prevented by the OS. However, to date there are no reports of this being used (even though some articles might use misleading titles).
- You have verified each other’s WhatsApp security codes. Otherwise, someone with access to the WhatsApp servers would be able to pretend to be your communication partner (“man in the middle”).
- The messages must not be exposed through another channel. For example, on Android it is possible to backup the WhatsApp history to Google Drive, where all messages would be stored unencrypted.
These conditions would of course also need to hold for the communication partner, otherwise the messages could just be intercepted on the other end.
It is also possible to access secret information without using any technology at all, for example by looking at someone’s screen as they are typing a message or by using extortion or blackmail. Additionally, in contrast to message content, it is relatively easy to establish communication partners, as the connection information, including user’s phone numbers, is stored on WhatsApp’s servers and can be queried by law enforcement agencies.
Can I use WhatsApp when the government is not after me?
Yes. The attack scenarios outlined in the previous section are not easily implemented, but are relatively easy to detect in a post-mortem analysis. Once they have been publicly discovered, they can no longer be used and as the vulnerabilities needed to execute the attacks are extremely valuable, they would be used only in the most dire of situations.
Update 2018–06–19: Added the section “Is my privacy protected when using WhatsApp?” to make it clear that metadata is not encrypted. Added a paragraph to the section about Signal and Threema, stating the fact that they collect considerably less metadata than WhatsApp.
Update 2018–10–11: Added the section “Are WhatsApp calls secure?” to document that there was a bug in the video call functionality which has been fixed before the issue was publicly known.
Update 2019–01–06: Added additional links to existing research results about WhatsApp protocol and implementation security analysis.
