WhatsApp announced on Friday that it will offer its users encrypted backups sometime during the year.
Users will be able to choose how to save the encryption key used.
The simplest is to hold a random 64-digit key file yourself, similar to how it handles Signal backups, which you will need to re-enter to restore a backup.
The alternative would be to store the random key in the WhatsApp infrastructure, called Backup Key Vault and is based on a hardware security module (HSM) and will be accessible via a user-generated password.
"The password is unknown on WhatsApp, the user's mobile partners or any third party. The key is stored in the HSM Backup Key Vault to allow the user to recover the key in case of loss or theft of the device" he said The company.
"HSM Backup Key Vault is responsible for enforcing password authentication attempts and making the key permanently inaccessible after some unsuccessful attempts to access it. These security measures provide protection against brute force attempts to recover the key."
WhatsApp said it would only know there is a key in the Backup Key Vault, but would not know the key itself.
The backups will store text messages as well as photos and videos taken, WhatsApp said.
"Once a backup is encrypted, it is stored in a third-party storage (for example iCloud or Google Drive). Because backups are encrypted with a key that is not known to Google or Apple, the cloud provider is unable to read them."
WhatsApp initially urged users to accept the new privacy terms by February 8 or risk not being able to use the app. By June, WhatsApp had finally rejected its update plans.