
The rise of smartphone apps means more of our private information is now in the hands of app providers. To protect data, many app providers are using end-to-end encryption to safeguard the data they collect. This article will explain what end-to-end encryption is, the app developers that currently use it and some of the benefits and pitfalls.

What is End-to-End Encryption?

End-to-End Encryption (E2EE) describes the process by which data is stored between end-users. When an app uses E2EE, the data is sent from one device to the intended device, and only those devices can decrypt (or view) the data. Examples of E2EE include Secure Sockets Layer, Internet Protocol Security and Transport Layer Security.
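The property described above (only the sending and receiving devices can decrypt) is sketched below as an added example; it is not code from this article or from any app it names, and the device names, the message and the `e2ee-demo` label are constructed for illustration. It uses Node.js's built-in `crypto` module with X25519 key agreement and AES-256-GCM, and shows that a relay holding only the ciphertext can neither read nor silently alter the message.

```javascript
const crypto = require('node:crypto');

// Each device generates its own X25519 key pair; the private key never leaves it.
function newDevice() {
  return crypto.generateKeyPairSync('x25519');
}

// Both devices derive the same AES-256 key from their own private key and the
// other side's public key. A relay in the middle only ever sees public keys.
function sessionKey(myPrivateKey, theirPublicKey) {
  const shared = crypto.diffieHellman({ privateKey: myPrivateKey, publicKey: theirPublicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'e2ee-demo', 32));
}

function encrypt(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, body, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null if the key is wrong or the message was altered.
function decrypt(key, msg) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
    d.setAuthTag(msg.tag);
    return Buffer.concat([d.update(msg.body), d.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// Constructed scenario: Alice sends to Bob through a relay that sees all traffic.
function demo() {
  const alice = newDevice(), bob = newDevice(), relay = newDevice();
  const sent = encrypt(sessionKey(alice.privateKey, bob.publicKey), 'see you at 6');
  const relayKey = sessionKey(relay.privateKey, alice.publicKey); // relay lacks Bob's private key
  const tampered = { ...sent, body: Buffer.from(sent.body) };
  tampered.body[0] ^= 1; // one bit flipped in transit
  const bobKey = sessionKey(bob.privateKey, alice.publicKey);
  return {
    bobReads: decrypt(bobKey, sent),
    relayReads: decrypt(relayKey, sent),
    bobReadsTampered: decrypt(bobKey, tampered),
  };
}

console.log(demo());
```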

Examples of E2EE

WhatsApp

E2EE is best demonstrated by describing WhatsApp’s E2EE service. On 5 April 2016, WhatsApp announced that E2EE is available on all of its devices (i.e. whether you use an iPhone, Android, Nokia, Microsoft, etc., your conversations are secure because of E2EE). When you send a video or text via WhatsApp to your friend, that video or text is only viewable by you and your friend. Not even WhatsApp will have access to your message.

Australian Banking Apps

ANZ uses a form of E2EE, known as “Secure Sockets Layer” (SSL). According to ANZ, this is high-grade encryption that turns the words and numbers into coded language. It prevents unauthorised users from changing or reading your data. As such, ANZ confirms that your credit or debit card number is never saved on your device or shared with the merchant (i.e. the website you shopped through online or the sales assistant who sold you those nice high-waisted jeans).

When is E2EE Important?

Recently, we have seen massive data breach incidents like the Panama Papers. With the rise in data breaches, E2EE can be seen as critical. Accordingly, all app developers should consider encrypting any private, sensitive or confidential information.

Adding an E2EE service to your app can assure and convince your users that their data is safe and secure. It can also relieve you of some data storage compliance issues. If you do hold data, you will have obligations under the Privacy Act 1988 (Cth) (further described below). Of note, platforms like Facebook, Snapchat and so forth are built to share user-generated information. These organisations will still need to comply in respect of any private information they hold, but their public information, for example, would not need to be protected by E2EE.

Pitfalls of E2EE

Despite the obvious benefit of protecting sensitive data, E2EE is not without its pitfalls. First of all, the technology is not free. E2EE only encrypts (makes secure) data that is in motion. Accordingly, E2EE services take a lot more computing power (especially when the computer is older) than would be needed if there were no encryption.

Secondly, no solution will protect your users’ data completely. However, E2EE does reduce risk significantly in that third parties are not involved, and the user’s data isn’t floating around unencrypted before it moves on to the intended receiver.

Privacy Law

In Australia, when an entity holds personal information, they must take “reasonable steps” to protect the information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. The Office of the Australian Information Commissioner confirms that reasonable steps may include the preparation and implementation of a data breach response plan or policy.

Key Takeaways

Encryption exists between the original source and final destination. Decryption occurs when the end users open their message. Accordingly, E2EE shields conversations from all but the sender and receiver. In determining whether E2EE is relevant for your app, you will need to consider the content of the information you are sharing or not sharing, whether it is private and whether your users will expect it to be private. Contact LegalVision’s IT lawyers to assist you with any questions you may have. Call us on 1300 544 755.
