The indigenous instant messaging app, Arattai, has gained immense popularity in just a few days. It has climbed to the number-one spot on both the Apple App Store and Google Play Store. Developed by Zoho Corporation, this app is being touted as a direct competitor to WhatsApp. But is that really the case?
Arattai boasts several features that rank it among WhatsApp's competitors, yet it falls short concerning chat encryption. Conversations on Arattai are not end-to-end encrypted, although the company ensures end-to-end encryption for calls.
How does end-to-end encryption work in WhatsApp?
In simple terms, when you send a message on WhatsApp, it becomes encrypted on your device, transforming it into a coded format. Although it passes through WhatsApp's server, it remains coded there as well.
The company itself cannot read your conversations. Only when the message reaches the recipient's device, is it decrypted and made readable. This is why you'll notice an option to verify end-to-end encryption when you click on a profile in the chat window. The codes must match on both the sender and receiver's ends.
One of the major benefits of end-to-end encryption in chats is that no intermediary, not even WhatsApp, can read your conversations. The drawback of no encryption is the potential for hackers to intercept your conversations.
Are chats on Arattai end-to-end encrypted? How safe is it?
As of now, Arattai does not provide end-to-end encryption (E2EE) for chats. Although basic encryption exists, it is not deemed robust for privacy.
The company does offer end-to-end encryption for calls.
When you send a message through this app, it may reach Zoho's servers in a readable form.
Technically, Zoho can access your conversations if desired. Additionally, if a government or agency requests chat data, Arattai has the option to comply, increasing the likelihood of hacking or data leaks.
What type of encryption does Arattai use?
According to the company’s website, voice and video calls on Arattai are end-to-end encrypted.
The FAQ page mentions that data is stored in an encrypted format and end-to-end encryption applies to the secret chat feature. This does not cover normal chats.
The FAQ page also states that user data will remain in India, but does not elaborate on the real-time encryption of user chats to prevent hackers from accessing them. Cyber criminals may trace user chats from miles away.
No mention of encryption on the FAQ page!
Typically, companies portraying themselves as secure messaging apps explain in detail the encryption protocols they use on their FAQ pages. Here, the emphasis is on end-to-end encryption for calling and private chats, but there is no mention of further encryption details. The public documentation lacks cryptographic details like algorithms - AES-256, RSA, and Signal Protocol/Double Ratchet, used by Arattai.
WhatsApp uses the Signal Protocol.
The Signal Protocol is regarded as the gold standard in encryption. It was developed by the American non-profit Signal Foundation and is considered one of the most trustworthy encryption systems.
The best thing is, this encryption protocol is open-source. Anyone can audit its source code and design.
Cryptographers and security researchers have conducted numerous audits and found that it indeed secures chats, preventing even the company from reading them.
Researchers from the University of Oxford, University of London, and McMaster University conducted an independent study in 2017 and concluded that it is among the most robust encryption systems available globally.
