In a coup for privacy advocates, strong end-to-end encryption is coming to Whatsapp, a cross-platform instant messaging app with more than 500 million installations on the Android platform alone.
Until now, most popular messaging apps for smartphones have offered woefully inadequate protections against eavesdropping. Whatsapp, which Facebook recently acquired for $19 billion, has itself been criticized for a series of crypto blunders only spooks in the National Security Agency would love. Most other mobile apps haven't done much better, as a recent scorecard of 39 apps compiled by the Electronic Frontier Foundation attests. Many fail to implement perfect forward secrecy, which uses a different key for each message or session to ensure that an adversary who intercepts a key can't use it to decrypt old messages. The notable exception among popular messaging apps is Apple's iMessage, but it's not available for Android handsets.
Enter Moxie Marlinspike, the highly regarded security researcher and principal developer of TextSecure, an SMS app for Android. Over the past three years, his team at Open Whisper Systems has developed a open encryption protocol for asynchronous messaging systems. That specification is now being incorporated into Whatsapp.