Back up your messages safely
How to keep a backup of your conversations without quietly undoing your encryption, covering Signal, WhatsApp, and iMessage with Advanced Data Protection.
Published
A backup protects you from a lost, stolen, or broken phone, but a careless backup can quietly undo the encryption you worked to set up. The problem is simple: your messaging app may be end-to-end encrypted, while the backup it saves to the cloud is not. This guide explains where that gap hides and how to close it for Signal, WhatsApp, and iMessage.
For choosing and setting up an encrypted messenger in the first place, see Set up truly private messaging in 15 minutes.
The trap: how a backup undoes your privacy
End-to-end encryption (E2EE) protects messages in transit and on your device, so only you and the person you are talking to can read them. A backup is a separate copy of those messages, often stored on a cloud service like Google Drive or iCloud.
Here is the catch. For years, the default WhatsApp cloud backup was not encrypted end-to-end. Your live chats were protected, but the copy sitting in Google Drive or iCloud could be read by the cloud provider and handed over on request. The same logic applies elsewhere: an unencrypted backup is a readable copy of your private conversations parked on someone else’s server. Fixing this is mostly about flipping the right settings, and each app handles it differently.
Signal
Signal keeps its data on your device, not on Signal’s servers, so backups work differently from apps that sync to the cloud.
Android: local encrypted backups
On Signal for Android, you can turn on an on-device backup that is stored as an encrypted file on your phone and protected by a passphrase.
- Open Signal and go to Settings.
- Tap Chats, then Chat backups (labelled Backups in some versions).
- Tap Turn on backups and choose a folder to store the backup file.
- Signal shows you a 30-digit passphrase. Write it down carefully, copied left to right, top to bottom.
- Store the passphrase somewhere safe and separate from your phone, ideally in a password manager or on paper in a secure place.
Two things to understand. First, Signal cannot recover or reset this passphrase. If you lose it, the backup is unrecoverable, by design. Second, the backup file lives on your device, so it survives a reinstall but not a lost phone unless you also copy the file somewhere safe. Move it to a trusted, encrypted location periodically.
iPhone: no local backup file
Signal for iPhone does not offer the same on-device backup file. To move your history to a new iPhone, use a device-to-device transfer during setup, with both phones present and on the same platform. Note that an Android on-device backup cannot be restored on an iPhone, and transfers only work within the same operating system. If you switch between Android and iPhone, expect to start your Signal history fresh.
WhatsApp backs up to Google Drive (Android) or iCloud (iPhone). By default that cloud backup was historically not end-to-end encrypted, so turning on the encrypted backup option is the key step.
Turn on end-to-end encrypted backup
- Open WhatsApp and go to Settings.
- Tap Chats, then Chat backup.
- Tap End-to-end encrypted backup, then Turn on (or Create).
- Choose either a password of your own, or a 64-digit encryption key that WhatsApp generates.
- Confirm. WhatsApp encrypts the backup so that neither WhatsApp nor the cloud provider (Google or Apple) can read it.
As WhatsApp puts it, neither WhatsApp nor your backup service provider can read your end-to-end encrypted backups or access the key required to unlock them. If you forget the password or lose the key and lose your phone, WhatsApp cannot recover the backup, so store your password or key carefully.
One catch for iPhone users
If you use iCloud Backup for your whole iPhone, enabling WhatsApp’s end-to-end encrypted backup will automatically exclude your WhatsApp chat history from the device-wide iCloud backup. This is a deliberate safeguard so your private key is never stored unencrypted in iCloud. Your WhatsApp history is still backed up, just through WhatsApp’s own encrypted mechanism rather than the general iCloud backup.
A note on the future
As of July 2026, WhatsApp has been reported to be preparing its own end-to-end encrypted cloud storage as an alternative to Google Drive and iCloud. Details and availability may vary by region, so check the in-app settings for what is offered to you.
iMessage and iCloud
For iPhone users, whether your Messages are protected in the cloud depends on one setting: Advanced Data Protection.
The default situation
Without Advanced Data Protection, Messages in iCloud is end-to-end encrypted only when iCloud Backup is turned off. If you use the standard iCloud Backup (which most people do), your device backup includes a copy of the Messages encryption key, so Apple retains the ability to access those messages, for example in response to a legal request. In other words, a standard iCloud backup weakens iMessage’s end-to-end encryption.
Turn on Advanced Data Protection
Advanced Data Protection (ADP), available since December 2022, extends end-to-end encryption to your iCloud Backup, Photos, Notes, and Messages, so that only your trusted devices hold the keys and Apple cannot read them.
- On your iPhone, open Settings and tap your name at the top.
- Tap iCloud, then Advanced Data Protection.
- Tap Turn On Advanced Data Protection.
- Follow the prompts to set up account recovery. Apple requires at least one recovery contact or a recovery key before it will enable ADP.
Once ADP is on, the number of iCloud data categories protected by end-to-end encryption rises to 25, including your iCloud Backup and Messages. Because Apple no longer holds the keys, only you can recover your data. If you lose access to your account, you will need your device passcode, a recovery contact, or your recovery key. There is no back door for Apple to reset it, which is the point.
Good habits for any backup
- Know whether the backup is end-to-end encrypted. If it is not, a copy of your messages is readable by whoever holds it.
- Guard the recovery secret. A passphrase, password, or recovery key is what stands between your backup and everyone else. Store it in a password manager or somewhere physically secure, separate from the device.
- Accept the trade-off. True end-to-end encrypted backups mean the provider cannot help you recover a lost key. That is a feature, not a flaw, but it puts the responsibility on you.
- Test a restore occasionally, so you find out a backup works before you actually need it.
Quick checklist
- Signal Android: turn on on-device backup and safely store the 30-digit passphrase.
- Signal iPhone: use device-to-device transfer; there is no local backup file.
- WhatsApp: turn on end-to-end encrypted backup and save your password or 64-digit key.
- iPhone users: turn on Advanced Data Protection to encrypt Messages and iCloud Backup.
- Store every passphrase, password, or recovery key somewhere safe and separate from your phone.
- Test a restore before you ever have to rely on it.
Sources
- support.signal.org https://support.signal.org/hc/en-us/articles/10066926526362-Android-On-device-Backups
- support.signal.org https://support.signal.org/hc/en-us/articles/10074659364122-Backups-and-Device-Transfers-on-Signal
- faq.whatsapp.com https://faq.whatsapp.com/490592613091019/
- blog.whatsapp.com https://blog.whatsapp.com/end-to-end-encrypted-backups-on-whatsapp
- support.apple.com https://support.apple.com/en-us/102651
- support.apple.com https://support.apple.com/en-us/108756
Last reviewed: