WhatsApp made waves yesterday with its decision to switch on end-to-end encryption for all its billion-plus users. “End-to-end” means the communication is encrypted before it leaves your phone and decrypted only after it reaches the other person’s phone, so nobody else, not even WhatsApp itself, can read or listen to it. Predictably, privacy activists are delighted and law-enforcement types are worried (though ironically, US government money helped fund the encryption technique WhatsApp uses).
But before you start using WhatsApp to plot your overthrow of the global capitalist regime, bear in mind that intercepting your messages in transit is just one—indeed, possibly the least likely—of the ways a hostile party might try to snoop on you. Encryption alone isn’t much help unless all the following things are happening as well.
You’re not storing messages on your phone
If you really need a message to stay secret, delete it after it’s read. If someone gets hold of your phone (e.g. by stealing it) and can get into it—as the FBI has now done with the iPhone used by the San Bernardino shooter—everything that’s on there will still be accessible. Some messaging apps, such as Telegram, have an “auto-destruct” feature that deletes messages from the phone after a set period of time. WhatsApp currently doesn’t. (Telegram, on the other hand, doesn’t use end-to-end encryption by default; you have to choose it.)
You’re not backing up messages to the cloud
WhatsApp doesn’t store your messages on its servers. But on an iPhone, for instance, you can tell WhatsApp to keep a backup of messages in iCloud, Apple’s cloud storage service. Once the information is in the cloud, it could be subpoenaed by a government.