Your private Whatsapp messages contain a treasure trove of sensitive information.
So you are probably very glad that every text you send to friends is encrypted so only the sender and receiver can read them.
But it turns out that Whatsapp has been quietly storing messages in archives where they could be read by anyone who gains access to a user’s account.
The messaging app keeps an archive of everything Android owners send on the Google Drive cloud storage system.
But it has admitted these are not protected by ‘end-to-end’ encryption, which could mean they are easier to hack into.
‘Media and messages you back up aren’t protected by WhatsApp end-to-end encryption while in Google Drive,’ Whatsapp wrote on its website.
This statement raised fears that hackers, cops or even government spooks could access private data if they gained access to someone’s Google Drive account.
“From a privacy perspective, online backups are no good regardless of who the custodian is,’ said Karan Saini, an independent security researcher.
‘While Google does encrypt files on the server side they also ultimately control the keys for those — which can be provided to law enforcement authorities on the basis of a warrant.’
You can turn off the archive feature by going into options, selecting ‘chats’ and then ‘chats backup’.
All the backup data is automatically removed after 12 months.
‘WhatsApp backups that haven’t been updated in more than one year will be automatically removed from Google Drive storage,’ the messaging app wrote.
You might feel reassured to hear that it’s quite easy to protect your Google Drive account.
Jeremy Miles, a data scientist at Google, said it’s ‘close to impossible’ to hack into a Google cloud profile if it’s set a good password and turned on ‘two factor authentication’.