Launching Encrypted Cross-Device Contact Sync Feature
A privacy-focused feature for saving and managing contact lists has been introduced, built on a new encrypted storage system, identity proof link storage (). It is designed to let contacts be synchronized and recovered across devices while strengthening privacy protection and keeping the feature easy to use.
Users can securely store, synchronize, and recover contact lists without exposing the contact names to the service, which improves both flexibility and security. It addresses a long-standing problem: losing contacts when switching devices. Traditionally, contact management was tied to the user's phone, and if the phone was lost there was no reliable way to recover the contact list. With the new system, users can create and store contacts directly in the app, synchronize them across multiple devices, and selectively keep them confidential.
It also supports multiple accounts on a single phone, each with its own contact list (for example, a work profile and a personal profile). The underlying technology combines hardware-based security with a key transparency system. Hardware Security Modules (HSMs) hold the encryption keys, so that even internal personnel cannot access the stored data. Contact names are encrypted with keys generated on the client device, and the key transparency infrastructure links phone numbers to identity keys, so that only verified devices can retrieve the encrypted contacts.
The collaboration between and adds a further layer of assurance: encrypted records are independently audited, and each update to the auditable key directory () is signed. The design rests on two components, key transparency and , to provide privacy and security. The , monitored by , is a tamper-resistant directory that logs all key changes, allowing users to verify the authenticity of their encryption keys. Meanwhile, protects contact data and the encryption operations on it inside the infrastructure, so that the data remains opaque even to 's own engineers.
In [Month], [Year], [Organization] invited [Auditor] to conduct an independent security audit of the [System] system. The assessment identified several security vulnerabilities, including potential misuse of keys stored in [Component], improper key deletion, and potential reuse of random values (nonces) in encryption. [Auditor's] report noted that while the design is generally robust, certain weaknesses could let an attacker reach sensitive data under specific conditions: for instance, if encryption keys are not properly deleted, or if the server manipulates the encryption steps, an attacker could intercept user data. Because these issues were found before launch, [Organization] was able to address all [Number] vulnerabilities before rolling the feature out to all users.
The deployment has brought this protection to over 100 million users, who can now manage contacts across devices and avoid data loss without compromising privacy. It is a significant step forward in privacy-protection technology for people who work across multiple devices.
 lets you save contacts and restore them automatically through . With , you can now create contacts directly in and choose to sync them to your phone, or save them only to , so you can keep contacts that are specific to your account. If you use linked devices, you can add and manage contacts seamlessly regardless of the device you are using. If you have multiple accounts on the same phone (for example a work account and a personal account), you can now keep a separate contact list for each. And if you lose your phone, you can restore your contact list on a newly registered device.
Contact names are stored in encrypted form, and we have built additional protection using so that no one other than the user can access the contacts. The contact list is protected with new privacy-preserving technology. To further validate the system, we engaged for an independent third-party audit of its cryptographic properties; the new technology stack has been reviewed by external researchers and the independent cybersecurity consulting firm .
 is a new system for that stores contact names in encrypted form. Client devices encrypt contact information with strong keys generated on the device, and retrieval is gated on the client proving the identity of its primary device. It is built on two existing, widely deployed technologies: key transparency and our Hardware Security Module (HSM).
Certain events in the phone application (such as installation or reinstallation) trigger the creation of a new encryption key pair associated with the phone number. The key transparency system publishes each such primary-device identity-key change to an append-only, cryptographically auditable key directory (), so that clients can automatically verify a user's encryption keys.
Key transparency lets both the service provider and the general public cryptographically verify that a given phone number is bound to a given identity key. The HSM-based key vault is the mechanism already used for end-to-end encrypted backups: it runs application logic privately and tamper-proof inside the data centers, and data processed within its security boundary remains opaque even to internal personnel with the highest privileges and physical access to the hardware.
The first building block is key transparency, which maps a client's phone number to its identity key. The primary-device identity authenticates the client, so that only the owner of the contact encryption key is allowed to recover contacts. To reinforce the single-instance nature of the directory, an independent third party has been engaged as an additional witness for the new feature. The witness digitally signs each epoch together with its root hash and returns the signature, confirming that the directory has not been tampered with; clients verify the witness's signature against the witness's public key.
Updates to the therefore depend on the availability of the signature service: no update can proceed without a signature over it. In addition, publishes auditable consistency proofs for the transitions between epochs. These proofs are published to a write-once, read-many instance with a public interface, so that any party can retrieve them. Using together with ensures that only a single directory instance, verified by a third party, exists.
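The mechanism described in the last four paragraphs (an append-only directory of phone number to identity key, one epoch per change, a witness signature over every epoch, and consistency proofs a client can check) is easy to get wrong in the details, so here is a toy implementation of it. This is an added example and not the project's own code: the Merkle tree, the hash-chained epoch headers, the `Witness` and `KeyDirectory` classes and `client_verify` are all hypothetical, and the witness signature is a keyed HMAC with a shared secret standing in for the real public-key signature (an assumption; in practice the client holds the witness's public key).

```python
import hashlib
import hmac
import json

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def _next_level(level):
    """One Merkle level up; an odd node count duplicates the last node."""
    if len(level) % 2:
        level = level + [level[-1]]
    return [H(b"\x01", level[i], level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(leaves):
    level = list(leaves) or [H(b"empty")]
    while len(level) > 1:
        level = _next_level(level)
    return level[0]

def merkle_proof(leaves, index):
    """Audit path for leaves[index]: list of (sibling_hash, sibling_is_on_right)."""
    path, level, i = [], list(leaves), index
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        path.append((level[i ^ 1], (i ^ 1) > i))
        level, i = _next_level(level), i // 2
    return path

def verify_inclusion(leaf, path, root):
    h = leaf
    for sibling, sibling_on_right in path:
        h = H(b"\x01", h, sibling) if sibling_on_right else H(b"\x01", sibling, h)
    return h == root

def header_hash(epoch):
    """Hash of the signed part of an epoch header: number, Merkle root, previous header hash."""
    fields = {k: epoch[k] for k in ("epoch", "root", "prev")}
    return H(json.dumps(fields, sort_keys=True).encode())

class Witness:
    """Independent third party that signs every epoch header it is shown and refuses to
    sign two different headers for the same epoch number (no forked directory).
    HMAC with a shared secret stands in (assumption) for a real public-key signature."""
    def __init__(self, secret: bytes):
        self.secret, self.seen = secret, {}

    def sign(self, epoch_no: int, hh: bytes) -> bytes:
        if self.seen.setdefault(epoch_no, hh) != hh:
            raise ValueError(f"equivocation: a second header for epoch {epoch_no}")
        return hmac.new(self.secret, hh, hashlib.sha256).digest()

def witness_verify(secret: bytes, hh: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(hmac.new(secret, hh, hashlib.sha256).digest(), sig)

class KeyDirectory:
    """Append-only directory of phone number -> identity public key, one epoch per change."""
    def __init__(self, witness: Witness):
        self.witness, self.mapping, self.epochs = witness, {}, []
        self._publish()                                   # epoch 0: empty directory

    def _leaves(self):
        return [H(b"\x00", phone.encode(), key) for phone, key in sorted(self.mapping.items())]

    def _publish(self):
        prev = self.epochs[-1]["hash"] if self.epochs else H(b"genesis")
        header = {"epoch": len(self.epochs), "root": merkle_root(self._leaves()).hex(), "prev": prev.hex()}
        hh = header_hash(header)
        sig = self.witness.sign(header["epoch"], hh)      # no witness signature, no new epoch
        self.epochs.append({**header, "hash": hh, "sig": sig})

    def register(self, phone: str, identity_key: bytes):
        """Install or reinstall: a new identity key for the number creates a new epoch."""
        self.mapping[phone] = identity_key
        self._publish()

    def lookup(self, phone: str):
        """Current key for a number, plus its inclusion proof and the epoch header."""
        index = sorted(self.mapping).index(phone)
        return self.mapping[phone], merkle_proof(self._leaves(), index), self.epochs[-1]

    def consistency_proof(self, from_epoch: int, to_epoch: int):
        """Hash-chained headers a client uses to check that to_epoch extends from_epoch."""
        return self.epochs[from_epoch:to_epoch + 1]

def client_verify(phone, key, proof, epoch, chain, pinned_hash, witness_secret) -> bool:
    """What a client checks before trusting a phone-number -> identity-key record: the
    witness signed this exact epoch, the record is under the epoch's root, and the epoch
    extends (rather than rewrites) the epoch the client last accepted (pinned_hash)."""
    hh = header_hash(epoch)
    if not witness_verify(witness_secret, hh, epoch["sig"]):
        return False
    if not verify_inclusion(H(b"\x00", phone.encode(), key), proof, bytes.fromhex(epoch["root"])):
        return False
    if header_hash(chain[0]) != pinned_hash or header_hash(chain[-1]) != hh:
        return False
    return all(bytes.fromhex(chain[k]["prev"]) == header_hash(chain[k - 1]) for k in range(1, len(chain)))
```

The two properties worth noticing are in `Witness.sign` and the last three lines of `client_verify`: the witness will not sign a second, different header for an epoch number it has already signed, so the operator cannot show one directory to auditors and another to a victim, and a client that pinned an earlier epoch accepts a newer one only if the published chain links back to exactly the header it pinned.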
To protect the privacy of contacts registered on , contact names are first encrypted with a symmetric key generated on the user's device and then stored in the -based . The contact encryption keys themselves are stored in and retrieved from the -based over an end-to-end encrypted channel between the client and the vault, so that the keys in transit remain opaque to .
Keeping the contact keys in a -based means that a user who loses their phone can still get their contacts back. A new client device recovers the contact keys by establishing a secure session with the -based . The verifies the client's identity by consulting the over a secure encrypted protocol and checking that the client holds the private key matching its published identity key. Once the client is verified, the new device can read the contact keys from the -based key vault over the secure channel established with the client identity key and key.
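The recovery flow in the last two paragraphs, and the nonce-reuse finding from the audit described earlier, are modelled together below. This is an added example, not the project's code, and it is deliberately stdlib-only: the cipher is HMAC-SHA256 used as a PRF keystream with an HMAC tag (an assumption standing in for whatever AEAD the real system uses), the device identity key is a Lamport one-time signature pair (an assumption standing in for a conventional signature scheme, so each key signs exactly once here), and `KeyVault`, `recovery_scenario` and the sample contact "Alice Example" are all constructed for the example. What it shows is the gate the vault enforces (release the contact key only to whoever proves possession of the identity key the directory currently maps to the number, so a lost phone's old key is refused after re-registration) and why reusing a nonce under one contact key leaks plaintext.

```python
import hashlib
import hmac
import os

# Contact names: encrypted on the device under a device-generated symmetric key.
# Stand-in cipher (assumption): HMAC-SHA256 keystream + HMAC tag, encrypt-then-MAC.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(key, nonce + c.to_bytes(4, "big"), hashlib.sha256).digest()
              for c in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def _subkeys(contact_key: bytes):
    return (hmac.new(contact_key, b"enc", hashlib.sha256).digest(),
            hmac.new(contact_key, b"mac", hashlib.sha256).digest())

def encrypt_name(contact_key: bytes, nonce: bytes, name: bytes) -> bytes:
    enc_key, mac_key = _subkeys(contact_key)
    ct = bytes(a ^ b for a, b in zip(name, _keystream(enc_key, nonce, len(name))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def decrypt_name(contact_key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(contact_key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def nonce_reuse_leak(blob_a: bytes, blob_b: bytes, known_name_a: bytes) -> bytes:
    """The failure mode the auditors flagged: two names encrypted under the same key AND
    nonce share a keystream, so ct_a XOR ct_b = name_a XOR name_b, and anyone who knows
    one name reads the other without the key (up to the shorter length)."""
    assert blob_a[:12] == blob_b[:12], "only applies when the nonce was reused"
    return bytes(a ^ b ^ k for a, b, k in zip(blob_a[12:-32], blob_b[12:-32], known_name_a))

# Device identity key: Lamport one-time signatures as a stdlib-only stand-in (assumption).
def identity_keygen():
    priv = [os.urandom(32) for _ in range(512)]          # preimage for (bit i, value b) at 2*i+b
    return priv, b"".join(hashlib.sha256(s).digest() for s in priv)

def _bits(msg: bytes):
    d = hashlib.sha256(msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def identity_sign(priv, msg: bytes) -> bytes:           # one-time: never sign twice with one key
    return b"".join(priv[2 * i + b] for i, b in enumerate(_bits(msg)))

def identity_verify(pub: bytes, msg: bytes, sig: bytes) -> bool:
    return all(hashlib.sha256(sig[32 * i:32 * i + 32]).digest() == pub[32 * (2 * i + b):32 * (2 * i + b + 1)]
               for i, b in enumerate(_bits(msg)))

class KeyVault:
    """Models the HSM-side gate: a phone's contact key is released only to a client that
    proves possession of the identity key the key directory currently maps to that number."""
    def __init__(self, key_directory: dict):
        self.kt = key_directory                  # phone -> current identity public key (the directory's view)
        self.keys, self.challenges = {}, {}      # contact keys stay inside this object

    def store(self, phone: str, contact_key: bytes):
        self.keys[phone] = contact_key

    def challenge(self, phone: str) -> bytes:
        self.challenges[phone] = os.urandom(32)
        return self.challenges[phone]

    def release(self, phone: str, identity_pub: bytes, signature: bytes):
        c = self.challenges.pop(phone, None)
        if c is None or self.kt.get(phone) != identity_pub:
            return None                          # stale or unknown identity: the directory does not vouch for it
        if not identity_verify(identity_pub, b"vault-release" + phone.encode() + c, signature):
            return None                          # no proof of possession of the private key
        return self.keys.get(phone)

def recovery_scenario():
    """Old phone registers and backs up its contact key; the phone is lost; a new phone
    registers a new identity key for the number and recovers; the old key is refused."""
    phone, kt = "+15551230001", {}
    vault = KeyVault(kt)
    old_priv, old_pub = identity_keygen()
    kt[phone] = old_pub
    contact_key = os.urandom(32)
    blob = encrypt_name(contact_key, os.urandom(12), b"Alice Example")   # constructed sample contact
    vault.store(phone, contact_key)
    new_priv, new_pub = identity_keygen()                                # reinstall on a new phone
    kt[phone] = new_pub                                                  # new key published to the directory
    msg = b"vault-release" + phone.encode() + vault.challenge(phone)
    recovered = vault.release(phone, new_pub, identity_sign(new_priv, msg))
    msg_old = b"vault-release" + phone.encode() + vault.challenge(phone)
    stale = vault.release(phone, old_pub, identity_sign(old_priv, msg_old))
    return decrypt_name(recovered, blob), stale
```

`recovery_scenario()` returns the decrypted name from the new device and `None` for the attempt made with the lost phone's identity key, which is the property the paragraph above describes: possession of an old identity key is worthless once the directory maps the number to a new one. `nonce_reuse_leak` is the concrete reason the audit finding about random-number reuse matters even though every contact name is individually authenticated.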
It is a new system that prevents unauthorized access to sensitive data by binding every data access to publicly auditable identity-key changes published to the key transparency infrastructure, in the same spirit as the QR-code scanning that end-to-end encrypted messaging systems use to detect public-key compromise. The new contact management approach gives users more ways to manage contacts across devices and accounts and stores them securely, so that they are not lost when switching phones or reinstalling the app. We are excited that the app can deliver this feature and help ensure that contacts stay encrypted and move easily with the user to a new phone.