Facebook that owns WhatsApp has always upheld saying that WhatsApp chats are end-to-end encrypted, meaning that only the receiver and sender can read the messages, not even WhatsApp.
However, despite having much stronger regulations, how is it that WhatsApp chats of the person involved in a Bollywood scandal gets leaked and accessed?
There have been many instances recently where WhatsApp chats of Bollywood celebrities got leaked on public platforms.
Actress Rhea Chakraborty's WhatsApp chats were circulated all over the internet in 2020 when she was being investigated by the NCB, while Deepika Padukone was summoned to the NCB office after her chats with an alleged drug dealer were accessed.
Currently, Bollywood actress Ananya Pandey, who was summoned by the NCB on Thursday after her WhatsApp chats with Aryan Khan were accessed by the NCB.
Aryan Khan, son of Shah Rukh Khan has been accused of consuming drugs and having connections with illicit International drug groups.
Therefore, all these incidents raise the question of whether WhatsApp messages are really end-to-end encrypted and how do the chats get leaked or are accessed by others? Here we try to answer all questions.
Also read: Anti-drug agency seizes Ananya Panday’s mobile & laptop
Are WhatsApp messages really encrypted?
WhatsApp chats are end-to-end encrypted and can be read only by the sender and the receiver. Facebook has maintained its claim that no third person can get access to the chats, not even WhatsApp and Facebook.
A Signal Protocol is used in WhatsApp's end-to-end encryption. This technology prevents third parties and WhatsApp itself from having access to messages or calls on the app.
WhatsApp's FAQ page says: "WhatsApp cannot see the content of messages or listen to calls that are end-to-end encrypted. That's because the encryption and decryption of messages sent and received on WhatsApp occur entirely on your device.”
“Before a message ever leaves your device, it's secured with a cryptographic lock, and only the recipient has the keys. In addition, the keys change with every single message that's sent. While all of this happens behind the scenes, you can confirm your conversations are protected by checking the security verification code on your device," teh page adds.
How WhatsApp chats can be accessed despite end-to-end encryption?
It is almost impossible to break through the end-to-end encrypted data. Then how do WhatsApp chats leak? In most cases, they don’t get leaked for real, rather they are accessed by a third party. And this access happens simply - Unlock your phone and give it to me.
The laws around getting access to someone’s devices like smartphones is undetermined and blurred in India, whereas in countries like the US or many European countries, the police authorities require a warrant before they can seize and search phones and computers of any citizens.
There can be several possibilities. A third party can only physically access when the user is told to unlock the phone. Once the phone is unlocked, all chats on the app can be accessed. Screenshots can be taken, copied and later on, they can be shared.
Until recently WhatsApp did not have an option to encrypt chat backups to Google Drive or iCloud. In September the option was made available but is not activated by default. The user has to explicitly tell WhatsApp to encrypt chat backups.
There is another option available with the law enforcement agencies to approach Google and Apple with a legitimate court order and get the WhatsApp chat backups (unencrypted until recently) from them. The backups then can be taken in forensic labs.
Even though the chat backups can be encrypted, the option has to be enabled by the user of the phone. Thus, unless you explicitly tell WhatsApp to encrypt your chat backups, the messages will remain unencrypted.
Also Read: WhatsApp users can join ongoing video call, know how!
Is there a provision for WhatsApp to share data with law enforcement agencies?
The law enforcement agencies can send a request to WhatsApp for sharing of account details of a user in certain situations. The account details include the user’s information, profile photos, group information and address book, if available. Once requested, WhatsApp will review, validate and respond to the request based on the applicable law and policy.
In the FAQs of WhatsApp, there is no mention of sharing of data with the law enforcement agencies as by default the platform does not store messages once delivered or transaction logs. After 30 days, undelivered messages are removed from servers. WhatsApp cannot access the chats of its users due to the end-to-end encryption which is turned on by default.