WhatsApp rolled out end-to-end encryption back in 2016 but this does not apply to the chat backups that users uploaded to Apple iCloud or Google Drive. However, that will change very soon though as the subsidiary of Facebook has officially unveiled the end-to-end encrypted (E2EE) backups feature.
The feature apparently has been in the works for the past few years and was spotted in a beta build two months ago. When enabled, WhatsApp would encrypt the backups with a randomly generated 64-digit encryption key in which users can then choose to manually save it or create a password that would be associated with the key.
For those who choose the password method, the actual encryption key will be stored in the Backup Key Vault which utilises specialised hardware called Hardware Security Module that is located within Facebook data centres all over the world. This is so that users will still be able to utilise the Backup Key Vault service even though there is an outage in a particular data centre.
When a user enters his or her password to access the backups, the service which has also been designed to protect the key against the brute-force method would then attempt to verify it. If successful, the encryption key would be securely transmitted to the WhatsApp client on the user’s device that will use it to decrypt the backups.
Despite the official announcement, the exact rollout date for this feature was not revealed by WhatsApp. Nevertheless, the messaging app noted that iOS and Android users can expect to see the option being made available to them within the next few weeks.
(Source: Facebook Engineering.)