WhatsApp has been advertising their encryption policy for a while now. The company has left no stones unturned to make sure users understand that the messages are end-to-end encrypted and can’t be intercepted by anyone. However, it looks like the same can’t be said for Google Drive backups.
Recently, the company announced a partnership with Google to exempt WhatsApp backups from Google Drive free quota calculations. Previously the WhatsApp backups stored on Drive used to count within the 15 GB free space that a Google account offered. With the new partnership, WhatsApp also confirmed that the data stored on Google Drive is not encrypted. The company confirmed this in a blog post update about Google Drive- “Media and messages you back up aren’t protected by WhatsApp end-to-end encryption while in Google Drive”.
That said, security researchers did point out that it’s not mandatory to upload backups on Google Drive so in case you’re not comfortable then just choose the local backup option.
As a WhatsApp user you have the choice to not backup your data to Google Drive,” said. They (WhatsApp) are not forcing you to backup. It is a feature. So, if you trust Google, you can enable it. At the same time if law enforcement agencies requests Google for specific user data, they have to comply.
– Sai Krishna Kothapalli, an independent security researcher
WhatsApp has always promised complete end-to-end encryption and has confirmed on various occasions that even the company can’t access the messages. While this is true because the messages are stored on the phones of the users and not on WhatsApp servers, the company says they can’t guarantee the same for Google Drive backups. If you’re not comfortable then don’t upload WhatsApp backups on Google Drive. The feature is present but is optional so if you don’t like it then don’t use it.