You have probably wondered more than once whether someone other than you and the person you are talking to can read your WhatsApp messages. It is a common question, given the privacy and transparency controversies in which the messaging application and its parent company, Facebook, have been involved in recent times.
Now, due to a report from ProPublica, the issue has come to light again, sowing doubts and uncertainty. In this post we are going to explain why, in a “normal” scenario, no one other than chat members can see the messages. However, when a WhatsApp conversation is reported, Facebook may receive some messages to examine.
To understand the subject well, we must first recall, in general terms, how WhatsApp's end-to-end encryption works. As the company explains, it is the same encryption protocol that Signal uses. It ensures that, if messages are intercepted, they cannot be read: the malicious actor sees only meaningless characters.
This is because the end-to-end encryption of WhatsApp, like that of many other applications, relies on the use of unique and individual keys. These keys are necessary to decrypt the content of the messages. And since they are stored only on your phone and on that of the person you are talking to, no one else, not even Facebook itself, can access them. You can read the technical details of the encryption keys in this official document.
WhatsApp defends end-to-end encryption
Due to controversies around privacy and data sharing, WhatsApp has tried to make its end-to-end encryption feature more visible. In this sense, if you tap on the name of the contact in any of your conversations and then on Encryption, you will find a QR code that will allow you to verify if the public keys of the security mechanism match.
Now, if all WhatsApp messages are protected, where does this latest controversy come from? The answer lies in the “contact report” feature, which makes it possible to report a problematic conversation so that measures can be taken against the user if the company detects that they have violated its terms of service.
In this sense, WhatsApp says that when reporting a conversation, the company receives “the most recent messages sent by the reported user or group, as well as information about their recent interactions” in order to generate a behavior report. WABetaInfo indicates that the last 5 messages are sent.
So … if WhatsApp doesn’t have the decryption keys, how can it read the messages? When a conversation is reported, the system forwards the latest messages to the company’s moderators and, in this case, a new connection is generated with them that includes new encryption and decryption keys. That is, they are not directly accessing your messages. As you can see from the screenshot, the company says that it will not notify the contact of this action.
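The report flow described above can be modelled in a few lines. This is an added example, not WhatsApp's code: the toy Diffie-Hellman group, the hash-based cipher and the names `Device`, `seal`, `unseal`, `can_read` and `simulate_report` are assumptions made for illustration and do not reproduce the Signal protocol. It shows that neither the relay nor the moderator can open the chat ciphertext, while the reporting phone re-encrypts the last 5 messages under a separate key for the moderator.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group, an assumption for illustration only. WhatsApp's
# real protocol (Signal, Curve25519, ratcheting keys) is not reproduced here.
P, G = 2**255 - 19, 2

def _stream(key, nonce, n):
    """Keystream from SHA-256 in counter mode (toy cipher, not for real use)."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Device:
    """A phone (or moderator endpoint) whose private key never leaves it."""
    def __init__(self):
        self._priv = secrets.randbelow(P - 2) + 1
        self.public = pow(G, self._priv, P)

    def key_with(self, peer_public):
        shared = pow(peer_public, self._priv, P)
        return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def can_read(device, peer_public, blob):
    try:
        unseal(device.key_with(peer_public), blob)
        return True
    except ValueError:
        return False

def simulate_report():
    alice, bob, relay, moderator = Device(), Device(), Device(), Device()
    chat = [f"message {i}".encode() for i in range(1, 8)]          # constructed chat
    relayed = [seal(bob.key_with(alice.public), m) for m in chat]  # Bob -> Alice
    received = [unseal(alice.key_with(bob.public), c) for c in relayed]
    # Alice reports Bob: her own phone re-encrypts the last 5 messages
    # under a separate key shared only with the moderator endpoint.
    report = [seal(alice.key_with(moderator.public), m) for m in received[-5:]]
    reviewed = [unseal(moderator.key_with(alice.public), c) for c in report]
    outsiders = [can_read(d, bob.public, relayed[0]) for d in (relay, moderator)]
    return received, reviewed, outsiders
```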