WhatsApp has enhanced the security of a iCloud backup feature without much fanfare. The weakness in the backups would have allowed the encrypted messages to become accessible in a readable form. This would have been possible by going through Apple (which has the encryption keys for iCloud) or if a hacker managed to get into your iCloud account through some other means.
WhatsApp added encryption to its iCloud backups as early as last year. However, it did not harp about it and the fact came to light only last week. And ironically enough, the feature came to light after a company claimed that it was able to surpass the security measures.
The company in question is Oxygen Forensics and its claimed hacking method works only if you have a SIM card with the same number that is used by WhatsApp to generate a verification code that is a perquisite to the encryption key for the iCloud backups. The long and short is that the encrypted data from iCloud is downloaded and then Oxygen Forensics claims to be able to generate the encryption key after which, the data can easily be read.
Which brings us to the fact that WhatsApp felt the need to encrypt iCloud chats in the first place. It is actually a paradox that private companies are attempting to protect the privacy of their users while government agencies are bitterly opposing them in the courts of law under the pretext that their moves are endangering the safety of the country.
The FBI for instance, is making a huge push to outlaw end to end encryption for good. However, WhatsApp predictably is opposing the motion along with most of its peers. The company has faced a lot of flak and has even been banned in countries like the Brazil several times. Judging by the fact that it is strengthening the measures it deploys to protect user privacy, it does not seem like WhatsApp and by extension Facebook, is in any mood to give up the battle.