Lissy93 / personal-security-checklist

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
https://digital-defense.io
16.71k stars 1.16k forks

[CONTENT-CHANGE] WhatsApp now offers encrypted cloud backup #132

Closed Smankusors closed 2 years ago

Smankusors commented 2 years ago

Explain why it should be added

On Security List > Secure Messaging > Disable Cloud Services, it's mentioned that "WhatsApp backups are not encrypted". But now WhatsApp offers end-to-end encrypted backups. So even though other parties can obtain the backup, they will need the user's password to read it. So I think this section should be updated to reflect this? Wdyt?

Additional Context

FAQ link: https://faq.whatsapp.com/general/chats/how-to-turn-on-and-turn-off-end-to-end-encrypted-backup

Lissy93 commented 2 years ago

Yup, that should be updated. Are you able to submit a PR? No worries if not, I can also do it.

Lissy93 commented 2 years ago

Also worth noting that a) not on by default, b) WA can still read your messages prior to them being backed up, c) WA stores your key, so this could be exploited or subpoenaed to read your messages anyway.

That last point was inferred from this section in the WhatsApp docs:

You can change the password for your encrypted backup even if you can’t remember your old password.

This implies that a copy of the decryption key is stored somewhere...

Smankusors commented 2 years ago

> Also worth noting that a) not on by default, b) WA can still read your messages prior to them being backed up, c) WA stores your key, so this could be exploited or subpoenaed to read your messages anyway.
>
> That last point was inferred from this section in the WhatsApp docs:
>
> You can change the password for your encrypted backup even if you can't remember your old password.
>
> This implies that a copy of the decryption key is stored somewhere...

I do agree with all of your points. But for the last point, I think they mean it creates an entirely new backup, not that the last backup can be read, because the password isn't tied to the user's password/PIN.

I mean, it's possible because most likely the messages in internal storage aren't encrypted. CMIIW
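The following is an added illustration of the backup model the last reply describes (a password-wrapped backup key, where a password reset without the old password discards the old key and re-uploads from the phone's local store). It is not code from this repository and is not WhatsApp's implementation; the envelope-encryption design, the class and function names, and the HMAC-SHA256 toy cipher (standing in for a real AEAD such as AES-GCM) are all assumptions made for the example.

```python
"""Toy model of a password-protected end-to-end encrypted backup.

Assumed design (not WhatsApp's): the cloud stores the ciphertext and a
password-WRAPPED data key only. Resetting the password without the old one
cannot recover the old data key, so the client must mint a new key and
re-upload from its local (plaintext) message store. Stdlib only; the
HMAC-based stream cipher is a stand-in for a real AEAD.
"""
import hashlib
import hmac
import os
import secrets

PBKDF2_ITERATIONS = 100_000


def derive_kek(password: str, salt: bytes) -> bytes:
    """Password -> key-encryption key (KEK) via PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS, 32)


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR-style keystream from HMAC-SHA256; XOR is its own inverse."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def seal(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC under `key`; the tag covers nonce and ciphertext."""
    nonce = os.urandom(16)
    ct = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def open_sealed(key: bytes, blob: dict) -> bytes:
    """Verify the tag, then decrypt; raises on a wrong key or tampered blob."""
    expected = hmac.new(key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong key or tampered backup")
    return _keystream_xor(key, blob["nonce"], blob["ct"])


class CloudBackupService:
    """Server side (assumed): holds salt, wrapped data key and ciphertext, never a password."""

    def __init__(self):
        self.records = {}

    def store(self, user: str, salt: bytes, wrapped_dek: dict, backup: dict) -> None:
        self.records[user] = {"salt": salt, "wrapped_dek": wrapped_dek, "backup": backup}

    def fetch(self, user: str) -> dict:
        return self.records[user]


class Phone:
    """Client side (assumed): holds the local plaintext chat store and does all crypto."""

    def __init__(self, user: str, local_messages: bytes, service: CloudBackupService):
        self.user, self.local_messages, self.service = user, local_messages, service

    def create_backup(self, password: str) -> None:
        dek = secrets.token_bytes(32)  # fresh data-encryption key per backup
        salt = os.urandom(16)
        wrapped = seal(derive_kek(password, salt), dek)
        self.service.store(self.user, salt, wrapped, seal(dek, self.local_messages))

    def reset_password(self, new_password: str) -> None:
        """No old password needed: the old DEK stays unrecoverable, so a new DEK
        is generated and the backup is re-uploaded from local storage."""
        self.create_backup(new_password)


def restore(service: CloudBackupService, user: str, password: str) -> bytes:
    """Restore on a new device: unwrap the DEK with the password, then decrypt."""
    rec = service.fetch(user)
    dek = open_sealed(derive_kek(password, rec["salt"]), rec["wrapped_dek"])
    return open_sealed(dek, rec["backup"])


def can_decrypt(key: bytes, blob: dict) -> bool:
    try:
        open_sealed(key, blob)
        return True
    except ValueError:
        return False


def demo() -> dict:
    """Backup, wrong-password restore, then reset without the old password."""
    service = CloudBackupService()
    phone = Phone("alice", b"constructed sample chat history", service)  # constructed input
    phone.create_backup("old-password")
    old_record = service.fetch("alice")  # what an attacker who copied the cloud blob would hold
    results = {"restore_ok": restore(service, "alice", "old-password") == phone.local_messages}
    try:
        restore(service, "alice", "wrong-password")
        results["wrong_password_rejected"] = False
    except ValueError:
        results["wrong_password_rejected"] = True
    phone.reset_password("new-password")  # old password never supplied
    results["restore_after_reset_ok"] = restore(service, "alice", "new-password") == phone.local_messages
    # The previously captured blob stays sealed: its DEK was wrapped under the old KEK.
    kek_new = derive_kek("new-password", old_record["salt"])
    results["old_backup_readable_with_new_password"] = can_decrypt(kek_new, old_record["wrapped_dek"])
    return results
```

In this model the only way a password reset can "work" without the old password is the one described in the reply above: the old ciphertext is abandoned and a fresh backup is produced from the phone's unencrypted local copy, which is also why point b) in the thread still holds regardless of how the cloud copy is protected.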