Table of Contents (click to expand)
When you send a message on WhatsApp, the app scrambles (encrypts) it on your phone, and it can only be unscrambled on the recipient’s device. The same applies to files and calls. WhatsApp uses the Signal Protocol for this, so no one in between, not even WhatsApp, can read your chats.

It may be hilarious when you see a meme like that turn up every time there’s a debate about privacy and how it’s being encroached online, but things get a lot more serious when that feeling finally hits you with full force… that Orwellian feeling telling you that:

Whatsapp, one of the most popular communication apps, with more than 3 billion users around the world, switched on ‘end-to-end encryption’ by default for everyone back in April 2016, and it has stayed on ever since, covering every text, call, photo, video and file you share. While most of us were happy about the fact that our texts and calls on Whatsapp were now ‘shrouded’, there still isn’t much explanation about what the feature actually is and how it does what it claims.
So let’s decrypt this encrypted tech mystery!
What Is End-to-end Encryption?

End-to-end encryption is a very powerful feature that basically codes your messages. When you send a text to a friend, it gets scrambled (and hence encrypted) on its way and can only be decoded on the recipient’s device. The same algorithm applies for sharing files and making calls. The benefit of such scrambling is that it keeps your chats and calls protected against unwelcome acts of privacy breaching by a third party.
What this basically means is that the conversation you’re having with your friends/relatives is read only by them and no one else; not by Whatsapp, not by your service provider, not by your haters, and not even by the government!
How Does End-to-end Encryption Work?
The aim of end-to-end encryption is to code sender’s information (in this case, messages, calls and shared files) in such a way that only the recipient’s device can decode it, making it immune from any external interception. This is achieved by providing only the recipient’s device with the decryption keys that can decode the message sent by the sender. This is where two main types of keys enter the picture of encryption: public keys and private keys.
Public Keys And Private Keys
The term ‘public key’ refers precisely to what it sounds like, only in the world of encryption, it’s a complex code instead of a physical key made of steel. Anyone can generate public keys (and private keys) on their devices. To better understand what I’m talking about, take a look at what public keys and private keys typically look like:

As you can see for yourself, these keys are incredibly complex and almost impossible to make any real sense out of with just a cursory glance. That’s why there are algorithms and systems in place that do the technical toiling for you in the background while you tap away on the screen of your phone.
When you first register with Whatsapp by installing it on your phone, your device generates a bundle of Public Keys and uploads them to Whatsapp’s server, where other people can fetch them to start an encrypted conversation with you. Your matching Private Keys never leave your phone. The number of Public Keys assigned to a device can vary for different apps and programs. In the case of Whatsapp, for example, there are three public keys, namely the Identity Key, Signed Pre Key and One-time Pre Key (this one is used only for the first time someone texts you and is then deleted afterwards).
Here’s how you can understand this process in simple words; when someone, say, Sam, sends a message to Emma, Sam’s phone fetches Emma’s Public Keys and combines them with his own keys to work out a shared secret that locks the message before it is delivered to Emma. However, the system has to make sure that the message can only be read by Emma (i.e., the intended recipient) and no one else, not even the server that is relaying the message.

This is where Private Keys enter the picture. Every device keeps its own Private Keys stored only on that device and nowhere else. Because Emma’s phone holds the matching Private Keys, it (and only it) can rebuild that shared secret and decrypt Sam’s message once it arrives. The server only ever relays scrambled text it cannot read.
To give a simple analogy, think of how mailboxes (post-boxes) work. Anyone can put their letters into the box (server) through the narrow slot (Public Key), but only the postman, who has a unique key (Private Key), can unlock the box and retrieve all the letters. Encryption on devices works similarly, but they do it using huge chunks of algorithms and codes.

Note that this is just the basic description of how end-to-end encryption works; for an in-depth explanation of how Whatsapp applies this encryption to host devices, check out the Whatsapp Security Whitepaper.
Pros And Cons
In a world where everything from ordering a pizza to sharing highly sensitive documents is done online, there is an urgent, almost desperate need for tools and systems that are able to safeguard one’s privacy. The need becomes even more pressing in the context of apps that we use on a ‘hyper-regular’ basis, such as social media apps and certain communication apps that feature ‘free’ texting and calling.
With all that being said, the end-to-end encryption feature of Whatsapp is undoubtedly a welcome measure for its users, but like everything, it also has its downside. Since this is a technically sophisticated automated feature that encrypts chats and calls on every device, it gives peace-keeping authorities and governments a tough time keeping an eye on anti-social elements and other nefarious activities.
All in all, it’s a useful feature that marks a significant step towards privacy safety on an end-user level; how it’s going to influence society on a global scale is something that we’ll have to keep our eye on.
References (click to expand)
- About end-to-end encryption | WhatsApp Help Center. WhatsApp
- WhatsApp Encryption Overview: Technical White Paper. WhatsApp
- WhatsApp's Signal Protocol integration is now complete. Signal
- WhatsApp Rolls Out End-to-End Encryption to its Over One Billion Users. Electronic Frontier Foundation
- WhatsApp Security Paper Analysis. MIT Computer Science and Artificial Intelligence Laboratory
- Signal Protocol - Wikipedia. Wikipedia













