Updated: Jan 9
Recently "WhatsApp" was made to the Trending page on Twitter by tech illiterates or some tech unaware people. These people believe WhatsApp has God-level security & they think even the investigation agencies can't get access to WhatsApp chats of accused.
What does end-to-end encryption mean?
Only the sender & the recipient can read the WhatsApp conversation no one can intercept themselves in between, not even WhatsApp itself. WhatsApp uses 256-bit Advanced Encryption Standard to protect & encrypt your conversation.
Where are your WhatsApp chats stored?
WhatsApp chats are stored & maintained in the internal storage of your smartphone. The backup of chats (if turned on), is saved on Google Drive or iCloud, based on the service or the Operating System. The WhatsApp conversations, including the deleted ones, can be accessed through the database file of WhatsApp, present in the local storage of your smartphone.
As per WhatsApp's FAQ,
"Rename the backup file you want to restore from msgstore-YYYY-MM-DD.1.db.crypt12 to msgstore.db.crypt12. It's possible that an earlier backup might be on an earlier protocol, such as crypt9 or crypt10. Don't change the number of the crypt extension."
In the recent NCB case, the investigation agency had cloned the smartphones of the accused to get access to their WhatsApp chats & conversations. No question should arise on "end-to-end encryption" of WhatsApp.
WhatsApp has mentioned in its policy, only the sender & the recipient can access the chats. It means if someone else or any investigation agency, have access to either the sender's or the recipient's smartphone, they can easily access & retrieve the chats from local storage (even the deleted ones). They can also access Google Drive & iCloud backups using the cloned data.
There are powerful forensic tools which can access & retrieve chats. In the digital world of the Internet, don't expect to be anonymous, with no traces.
I saw a Tweet thread, through which someone tried to explain WhatsApp encryption & how investigation agencies accessed the chats. In the tweet thread, the Twitterati intentionally missed out the very basic points & tried to biasedly highlight "breach of privacy".
I don't think it is a "breach of privacy" because the investigation agencies have the right to interrogate, monitor & dig out the suspicious activities of "accused" for investigation purposes. The electronic evidence also matters.
Thanks for reading this blog post! Have a nice day.