About end-to-end encryption
Privacy and security are in our DNA, which is why we built end-to-end encryption into our app. When end-to-end encrypted, your messages, photos, videos, voice messages, documents, status updates, and calls are secured from falling into the wrong hands.
WhatsApp's end-to-end encryption is used when you chat with another person using WhatsApp Messenger. End-to-end encryption ensures only you and the person you're communicating with can read or listen to what is sent, and nobody in between, not even WhatsApp. This is because with end-to-end encryption, your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. All of this happens automatically: no need to turn on any special settings to secure your messages.
Every WhatsApp message is protected by the same Signal encryption protocol that secures messages before they leave your device. When you message a WhatsApp business account, your message is delivered securely to the destination chosen by the business.
WhatsApp considers chats with businesses that use the WhatsApp Business app or manage and store customer messages themselves to be end-to-end encrypted. Once the message is received, it will be subject to the business’s own privacy practices. The business may designate a number of employees, or even other vendors, to process and respond to the message.
Some businesses choose WhatsApp’s parent company, Meta, to securely store messages and respond to customers. Meta will not automatically use the messages you send a business to inform the ads that you see. However, businesses will be able to use chats they receive for their own marketing purposes, including advertising on Meta. You can always contact that business to learn more about its privacy practices.
- The encryption status of an end-to-end encrypted chat can't change without the change being visible to the user. For more information about which chats are end-to-end encrypted, please read our white paper.
- There are optional services that a business or you can choose to use where Meta receives limited information. For example, you can choose to start a chat with a business after interacting with their ad on Facebook and Instagram, or interact with offers and announcements a business may send you on WhatsApp. We’re rolling out the >> icon at the top of the chat bar for these services, which you’ll be able to tap to learn more about how this works.
- In addition, certain companies choose to use AI from Meta to assist them in responding to messages sent from customers. Meta receives these chats to improve its AI quality; when this happens we will let you know by highlighting “uses AI from Meta” under the business name.
Payments on WhatsApp, which is available in select countries, enables transfers between accounts at financial institutions. Card and bank numbers are stored encrypted and in a highly secured network. However, because financial institutions can’t process transactions without receiving information related to these payments, these payments aren’t end-to-end encrypted.
What's the "Verify Security Code" screen in the contact info screen?
End-to-end encrypted chats between you and one other person have their own security code. This code is used to verify that the calls and the messages you send to that chat are end-to-end encrypted.
Note: The verification process is optional for end-to-end encrypted chats, and is only used to confirm that the messages and calls you send are end-to-end encrypted.
This code can be found in the contact info screen, both as a QR code and a 60-digit number. These codes are unique to each individual chat and can be compared between people in each chat to verify that the messages you send to the chat are end-to-end encrypted. Security codes are just visible versions of the special keys shared between you. And don't worry, they're not the actual keys themselves; those are always kept secret. When you verify a chat is end-to-end encrypted, this also verifies that your and your contact’s lists of linked devices are up to date.
To verify that an individual chat is end-to-end encrypted:
- Open the chat.
- Tap the contact’s name to open the contact info screen.
- Tap Encryption to view the QR code and 60-digit number.
If you and your contact are physically next to each other, one of you can scan the other's QR code or visually compare the 60-digit number. If you scan the QR code, and the code is indeed the same, a green check mark will appear. Since they match, you can be sure no one is intercepting your messages or calls.
If you and your contact aren't physically near each other, you can send them the 60-digit number using another platform. Let your contact know that once they receive your code, they should write it down and then visually compare it to the 60-digit number that appears in the contact info screen under Encryption. For Android and iPhone, you can use the Share button from the Verify Security Code screen to send the 60-digit number via SMS, email, etc.
If the codes don't match, it's possible you're scanning the code of a different contact or a different phone number. If your contact has recently reinstalled WhatsApp, changed phones, or added or removed a paired device, we recommend you refresh the code by sending them a new message and then scanning the code. Learn more about security codes changing in this article.
Please note, if you or your contact uses WhatsApp on multiple devices, you’ll need to verify the security code on all of your and your contact’s devices.
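As an added illustration (not WhatsApp's code and not taken from this page), the sketch below shows how a 60-digit code can be derived from both parties' public identity keys so that each device displays the same number and a substituted key changes it. The construction follows the style of Signal's numeric fingerprints; the iteration count, the user identifiers and the 32-byte sample keys are assumptions made for the example.

```python
import hashlib
import hmac

ITERATIONS = 5200  # assumed work factor, in the style of Signal's fingerprints


def fingerprint30(identity_key: bytes, user_id: bytes) -> str:
    """30-digit fingerprint of one party's public identity key."""
    digest = b"\x00\x00" + identity_key + user_id
    for _ in range(ITERATIONS):
        digest = hashlib.sha512(digest + identity_key).digest()
    # Six 5-byte chunks, each reduced to a zero-padded 5-digit group.
    return "".join(
        f"{int.from_bytes(digest[i:i + 5], 'big') % 100000:05d}"
        for i in range(0, 30, 5)
    )


def security_code(key_a: bytes, id_a: bytes, key_b: bytes, id_b: bytes) -> str:
    """60-digit code; sorting the halves makes it identical on both devices."""
    halves = [fingerprint30(key_a, id_a), fingerprint30(key_b, id_b)]
    return "".join(sorted(halves))


def codes_match(shown: str, received: str) -> bool:
    """Compare a code received out of band, ignoring spaces and line breaks."""
    a = "".join(shown.split())
    b = "".join(received.split())
    well_formed = len(a) == 60 and a.isascii() and a.isdigit()
    return well_formed and hmac.compare_digest(a.encode(), b.encode())


def demo():
    # Constructed sample keys and identifiers, not real key material.
    alice_key, bob_key = bytes(range(32)), bytes(range(32, 64))
    substituted_key = bytes(range(64, 96))  # a key Bob never generated
    alice_view = security_code(alice_key, b"alice", bob_key, b"bob")
    bob_view = security_code(bob_key, b"bob", alice_key, b"alice")
    mismatch = security_code(alice_key, b"alice", substituted_key, b"bob")
    return alice_view, bob_view, mismatch


if __name__ == "__main__":
    alice_view, bob_view, mismatch = demo()
    print("codes agree:", codes_match(alice_view, bob_view))
    print("substituted key detected:", not codes_match(alice_view, mismatch))
```

The code shows only digests of public keys, which is why it can be shared over another platform without exposing the private keys.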
WhatsApp also provides automatic verification of these codes through a process called key transparency, which you can learn more about in our white paper.
To view the automatic verification status of your end-to-end encrypted chat:
- Open the chat.
- Tap the contact’s name to open the contact info screen.
- Tap Encryption to view the updated automatic verification notice, QR code and 60-digit number for manual verification.
Why does WhatsApp offer end-to-end encryption and what does it mean for keeping people safe?
Security is essential to the service WhatsApp provides. We've seen multiple examples where criminal hackers illegally obtained vast sums of private data and abused technology to hurt people with their stolen information. Since we completed the implementation of end-to-end encryption in 2016, digital security has become even more important.
WhatsApp has no ability to see the content of messages or listen to calls that are end-to-end encrypted. That’s because the encryption and decryption of messages sent and received on WhatsApp occurs entirely on your device. Before a message ever leaves your device, it's secured with a cryptographic lock, and only the recipient has the keys. In addition, the keys change with every single message that's sent. While all of this happens behind the scenes, you can confirm your conversations are protected by checking the security verification code on your device. You can find more details about how this works in our white paper.
Naturally, people have asked what end-to-end encryption means for the work of law enforcement. WhatsApp appreciates the work that law enforcement agencies do to keep people safe around the world. We carefully review, validate and respond to law enforcement requests based on applicable law and policy, and we prioritize responses to emergency requests. As part of our education efforts, we published information for law enforcement about the limited information we collect and how they can make requests of WhatsApp, which you can read here.
To learn more about your security on WhatsApp, please visit WhatsApp Security.