The controversy is swelling around the security of WhatsApp backups on Google Drive. An investigation by attorneys general in the United States accuses Google of intentionally concealing that WhatsApp conversations saved on its platform were not end-to-end encrypted.
Would Google have lied about the security of WhatsApp conversations saved on Drive? This is what emerges from a vast investigation carried out by American attorneys general, reports the MSPoweruser site. The document published online (PDF) examines the practices of the Californian firm and the record is not very bright: the giant is accused of deceptive and anti-competitive commercial practices in the advertising market. Among the items, one case concerns the privacy of WhatsApp backups on Google Drive.
The cloud storage service has since 2015 allowed Android users to save a copy of their WhatsApp data to Google Drive. Conversations, photos and videos shared via the application are concerned and the functionality is very practical when changing smartphones. An element that the Google teams, which do not count WhatsApp backups in the calculation of Drive storage, did not fail to highlight when it was launched. “Of course: you don’t want your memories to be stuck on your phone. (What if something happens ?!) So starting today, WhatsApp for Android lets you create a private backup of your chat history, voicemail messages, photos, and videos in Google Drive “, wrote the Mountain View giant on its blog in 2015. It also praised the security aspect of its solution, as shown in this screenshot:
In 2015, Google promised to keep your posts ” safe “ in Google Drive. © Google
However, the dozen attorneys general are relying on an internal memo from 2016 to accuse Google of intentionally deceiving Google users. “WhatsApp’s current talk about end-to-end encryption isn’t quite true”, would indicate the memo in question. And to add that “WhatsApp currently reports that all communication through its product is end-to-end encrypted, with keys that only users have. They failed to specify that data shared from WhatsApp to third-party services does not benefit from the same guarantee. This includes backups to Google Drive. “
The complainants also ensure that Google did nothing to explain that this data was stored in the clear and that the company was making these backups. “Opaque”. “As a result, users could not log into Google Drive to find out that Google had access to their decrypted WhatsApp communications”, can we read in the document. For attorneys general, “Omissions and concealments” of Google have enabled its storage service to gain millions of users. They state in the document that around 434 million WhatsApp users backed up around 345 billion WhatsApp files to Google Drive and that the service gained around 750 million new backup accounts as of May 2017. “In short, Google had no problem violating the privacy of nearly a billion users if it helped them grow their business.”, reports the complaint.
The WhatsApp app doesn’t lie
While awaiting a reaction from Google, it should be noted that these accusations refer to the deployment of the backup function in 2015. The screenshot published by the Mountain View firm (see above) confirms to elsewhere than the application and its functionality have evolved. In the settings of WhatsApp, we can currently read that “Messages and media saved in Google Drive are not protected by WhatsApp end-to-end encryption”.
The WhatsApp application specifies that the data saved in Google Drive is not protected by end-to-end encryption. © Screenshot / L’Éclaireur Fnac
Same observation in the FAQ of the famous service of Facebook which caused controversy at the beginning of the year after the presentation of its new conditions of use. Also note that WhatsApp is starting to offer backup encryption in Google Drive and iCloud.