Your WhatsApp messages are now more private than ever, thanks to technology touted by none other than Edward Snowden.
Since last week, messages sent by WhatsApp’s Android users have been encrypted end-to-end by default after the messaging giant partnered with Open Whisper Systems, a nonprofit software group. (End-to-end encryption means only the sender and receiver can read them.) The partnership was announced on Tuesday.
The messages are now secured with Open Whisper System’s encryption protocol, the same one used for its own secure app TextSecure. Fro Android, the encryption is now baked in by default, meaning users don’t have to do anything to turn it on. By all accounts, WhatsApp acts and looks just the same.
Android users are the first to get this added layer of security, but the protocol will be rolled out for all users across platforms in the near future, according to Moxie Marlinspike, the founder of Open Whisper Systems.
Given WhatsApp’s 600 million users — the app was acquiredby Facebook in February — Marlinspike and his small team of developers might be closer to that ambitious goal than ever. His group already has some of the most well-respected secure messaging apps, including TextSecure (for Android secure messaging), RedPhone (for Android secure calls) and Signal (for iOS calls).
These apps have been praised by technologists as well as Snowden, the NSA leaker who has exposed countless top-secret surveillance programs, preaching the need for more secure and private communication tools.
“Don’t send your texts unencrypted,” Snowden said during a recent talk with The New Yorker‘s Jane Mayer. “Use programs like Redphone, like Silent Circle — anything by Moxie Marlinspike and Open Whisper System.”
This partnership might be Open Whisper System’s coming of age. Marlinspike co-founded the startup Whisper Systems in 2010, and after just more than a year, Twitter bought it. In 2013, Marlinspike re-launched Open Whisper Systems, leading the development of its secure messaging and calling apps, which are all open source.
Partnering with WhatsApp makes sense because it brings secure end-to-end-encryption to many more than those who use Open Whisper System’s more niche products. (TextSecure, for example, has between 500,000 and 1 million installs, according to Google Play.)
“I don’t think that we’re ever going to get an app like TextSecure to be as popular as WhatsApp and really I don’t know that’s where we need to focus our efforts,” Marlinspike said in a phone interview. “It makes more sense for us to integrate this stuff into existing apps than to try to compete with them.”
It also makes sense for WhatsApp, which has been criticized over the years for a series of security and privacy snafus. The security community has often been critical of the messaging app. But now, after the announcement, the tone is already changing.
For Matthew Green, a cryptography researcher and professors at Johns Hopkins University Information Security Institute, this is a “very significant” development because even though TextSecure is a good, secure app, it doesn’t have the same reach as WhatsApp.
“Now there are people who don’t even know what encryption is, who will still get the benefit of a strong encryption protocol on all their messages,” he said.