WhatsApp may leave deleted chats behind in your iCloud backups
Popular online messaging service WhatsApp has made all sorts of security news in recent years.
One of WhatApp’s early cryptographic SNAFUs involved using non-secret information to construct secret encryption keys, which is a bit like using your pet’s name as a login password.
The company went on to make two-time use of a one-time pad, a no-no in cryptographic circles. (It isn’t called a one-time pad for nothing.)
WhatsApp CEO Jan Koum subsequently asserted that “[r]espect for your privacy is coded into our DNA” little more than a year after the company was censured by Canadian and Dutch privacy authorities for violating privacy rules in both countries.
And the app went through a period of blurting out your location to eavesdroppers by communicating with Google Maps via unencrypted HTTP rather than using encrypted-and-authenticated HTTPS.
The company was bought by Facebook in early 2014, at which point we wondered whether that would make things better or worse.
Technically, at least, the acquisition seems to have done no harm, with WhatsApp now providing end-to-end encryption in a privacy-centred way, where WhatsApp itself never holds the cryptographic secrets that it would need to snoop on your messages as they pass through its service.
So much for what’s often called “encryption in transit” or “encryption in motion.”
Source | nakedsecurity