
What is Mobile Application End-to-End Encryption?

The rise of smartphone apps means more of our private information is now in the hands of app providers. To protect data, many app providers are using end-to-end encryption to safeguard the data they collect. This article explains what end-to-end encryption is, which app developers currently use it, and some of its benefits and pitfalls.

What is End-to-End Encryption?

End-to-End Encryption (E2EE) describes the process by which data is stored between end-users. When an app uses E2EE, the data is sent from one device to the intended device, and only those devices can decrypt (or view) the data. Examples of E2EE include Secure Socket Layer, Internet Protocol Security and Transport Layer Security.

Examples of E2EE

WhatsApp

E2EE is best demonstrated by describing WhatsApp’s E2EE service. On 5 April 2016, WhatsApp announced that E2EE is available on all of its devices (i.e. if you use an iPhone, Android, Nokia, Microsoft, etc., your conversations are secure because of E2EE). When you send a video or text via WhatsApp to your friend, that video or text is only viewable by you and your friend. Not even WhatsApp will have access to your message.

Australian Banking Apps

ANZ uses a form of E2EE, known as “Secure Socket Layer” (SSL). According to ANZ, this is a high-grade encryption whereby the encryption turns the words and numbers into coded language. It prevents unauthorised users from changing or reading your data. As such, ANZ confirms that your credit or debit card number is never saved on your device or shared with the merchant (i.e. the website you shopped through online or the sales assistant who sold you those nice high-waisted jeans).


When is E2EE Important?

Recently, we have seen massive data breach incidents like the Panama Papers. With the rise in data breaches, E2EE can be seen as critical. Accordingly, all app developers should consider encrypting any private, sensitive or confidential information.

Adding an E2EE service to your app can assure and convince your users that their data is safe and secure. It can also relieve you of some data storage compliance issues. If you do hold data, you will have obligations under the Privacy Act 1988 (Cth) (further described below). Of note, platforms like Facebook, Snapchat and so forth are built to share user-generated information. These organisations will still need to comply in respect of any private information they hold, but their public information, for example, would not need to be protected with E2EE.

Pitfalls of E2EE

Despite the obvious benefit of protecting sensitive data, E2EE is not without its pitfalls. First of all, the technology is not free. E2EE only encrypts (makes secure) data that is in motion. Accordingly, E2EE services take a lot more computing power (especially when the computer is older) than would be needed if there was no encryption.

Secondly, no solution will protect your users’ data completely. However, E2EE does reduce risk significantly in that third parties are not involved, and the user’s data isn’t floating around unencrypted before it moves on to the intended receiver.

Privacy Law

In Australia, when an entity holds personal information, they must take “reasonable steps” to protect the information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. The Office of the Australian Information Commissioner confirms that reasonable steps may include the preparation and implementation of a data breach response plan or policy.

Key Takeaways

Encryption exists between the original source and final destination. Decryption occurs when the end users open their message. Accordingly, E2EE shields conversations from all but the sender and receiver. In determining whether E2EE is relevant for your app, you will need to consider the content of the information you are sharing or not sharing, whether it is private and whether your users will expect it to be private. Contact LegalVision’s IT lawyers to assist you with any questions you may have. Call us on 1300 544 755.

Esther Mistarz
