Encrypted chat apps like Signal and WhatsApp are one of the best ways to keep your digital conversations as private as possible. But if you're not careful with how those conversations are backed up, you can accidentally undermine your privacy.
When a conversation is properly encrypted end-to-end, it means that the contents of those messages are only viewable by the sender and the recipient. The organization that runs the messaging platform--such as Meta or Signal--does not
have access to the contents of the messages. But it does have access to some metadata , like the who, where, and when of a message. Companies have different retention policies around whether they hold onto that information after the message is sent.
What happens after the messages are sent and received is entirely up to the sender and receiver. If youre having a conversation with someone, you may choose to screenshot that conversation and save that screenshot to your computers
desktop or phones camera roll. You might choose to back up your chat history, either to your personal computer or maybe even to cloud storage (services like Google Drive or iCloud, or to servers run by the application developer).
Those backups do not necessarily have the same type of encryption protections as the chats themselves, and may make those conversations--which were sent with strong, privacy-protecting end-to-end encryption--available to read by whoever runs the cloud storage platform youre backing up to, which also means they could hand them at the request of law enforcement.
With that in mind, lets take a look at how several of the most popular chat apps handle backups, and what options you may have to strengthen the security of those backups.
How Signal Handles Backups
The official Signal app doesnt offer any way to back up your messages to a cloud server (some alternate versions of the app may provide this, but we recommend you avoid those, as there dont exist any alternatives with the same
level of security as the official app). Even if you use a device backup, like Apples iCloud backup, the contents of Signal messages are not included in those .
Instead, Signal supports a manual backup and restore option.
Basically, messages are not backed up to any cloud storage, and Signal cannot access them, so the only way to transfer messages from one device to another is manually through a process that Signal details here . If you lose your phone or it breaks, you
will likely not be able to transfer your messages.
How WhatsApp Handles Backups
WhatsApp can optionally back up the contents of chats to either a Google Account on Android, or iCloud on iPhone, and
you have a choice to back up with or without end-to-end encryption. Here are directions for enabling end-to-end encryption in those backups. When you do so, youll need to create a password or save a 64-digit key.
How Apples
iMessages Handles Backups
Communication between people with Apple devices using Apples iMessage (blue bubbles in the Messages app), are end-to-end encrypted, but the backups of those conversations are not end-to-end encrypted
by default. This is a loophole we've routinely demanded Apple close.
The good news is that with the release of the Advanced Data Protection feature , you can optionally turn on end-to-end encryption for almost everything stored in
iCloud, including those backups (unless youre in the U.K., where Apple is currently arguing with the government over demands to access data in the cloud, and has pulled the feature for U.K. users).
How Google Messages Handles
Backups
Similar to Apple iMessages, Google Messages conversations are end-to-end encrypted only with other Google Messages users (youll know its enabled when theres a small lock icon next to the send button in a chat).
You can optionally back up Google Messages to a Google Account, and as long as you have a passcode or lock screen password, the backup of the text of those conversations is end-to-end encrypted. A feature to turn on end-to-end
encrypted backups directly in the Google Messages app, similar to how WhatsApp handles it, was spotted in beta last year but hasnt been officially announced or released.
Everyone in the Group Chat Needs to Get Encrypted
Note that even if you take the extra step to turn on end-to-end encryption, everyone else you converse with would have to do the same to protect their own backups. If you have particularly sensitive conversations on apps like WhatsApp
or Apple Messages, where those encrypted backups are an option but not the default, you may want to ask those participants to either not back up their chats at all, or turn on end-to-end encrypted backups. Ask Yourself: Do I Need Backups Of These
Conversations?
Of course, theres a reason people want to back up their conversations. Maybe you want to keep a record of the first time you messaged your partner, or want to be able to look back on chats with friends and family.
There should not be a privacy trade-off for those who want to save those conversations, but unfortunately you do need to weigh whether or not its worth saving your chats with the potential of them being exposed in your security plan .
But also its worth considering that we dont typically need every conversation we have stored forever. Many chat apps, including WhatsApp and Signal , offer some form of disappearing messages, which is a way to delete messages after a
certain amount of time. This gets a little tricky with backups in WhatsApp. If you create a backup before a message disappears, itll be included in the backup, but deleted when you restore later. Those messages will remain there until you back up again,
which may be the next day, or may not be many days, if you dont connect to Wi-Fi.
You can change these disappearing messaging settings on a per-conversation basis. That means you can choose to set the meme-friendly group chat with
your friends to delete after a week, but retain the messages with your kids forever. Google Messages and Apple Messages dont offer any such feature--but they should, because its a simple way to protect our conversations that gives more control over to
the people using the app.
End-to-end encrypted chat apps are a wonderful tool for communicating safely and privately, but backups are always going to be a contentious part of how they work. Signals approach of not offering cloud
storage for backups at all is useful for those who need that level of privacy, but is not going to work for everyones needs. Better defaults and end-to-end encrypted backups as the only option when cloud storage is offered would be a step forward, and a
much easier solution than going through and asking every one of your contacts how or if they back up their chats.
