Whatsapp has increased security by adding a unique encryption key to its iCloud backups.
Elmar Eperiesi-Beck, CEO at eperi GmbH, a leading provider of Cloud Data Security with a focus on data encryption, comments: "We think that only the highest degree of security, without compromises, makes sense. Everything else is just “feel good security” and not really secure.
"From a user perspective, the current WhatsApp feature is a “better than nothing” solution, which fails to address the following crucial points:
* WhatsApp did not unveil who owns the cryptographic key. Owning the key equals complete data access, so this question is very important for user data security. Key ownership has to be made transparent to the user so they can see who has access to their data.
* Only the user should be able to generate and access the key, for the above reason. WhatsApp currently seems to both generate and backup the key data. This means they have key access, and subsequently access to user data.
* The solution’s encryption quality is not provable right now because it is Closed Source. Only releasing the software as Open Source will allow every user to test it for backdoors/weaknesses and will provide a transparent way to evaluate if the software meets user requirements.
"Users have to ask what their demand is and against whom they want to protect their data. Right now, user data cannot be accessed by iCloud, but still by WhatsApp. Users have to decide for themselves if this solution satisfies them."