TL;DR: Arattai, Zoho’s Indian messaging app, has activated system-wide end-to-end encryption for personal chats starting November 18, 2025, with group chats and backups to be encrypted in the coming weeks.
What Happened
- Arattai activated mandatory end-to-end encryption (E2EE) for one-to-one chats starting the night of November 18, 2025.
- Users must update to the latest version; encryption works only if both participants have updated.
- Older, non-encrypted chats are auto-archived, with a 3-day transition before encryption becomes mandatory for all new messages.
- Group chats, broadcast channels, and encrypted backups will receive E2EE in the coming weeks.
- Broadcasts are temporarily disabled until encryption-compatible updates roll out.
What Zoho Said
- Zoho founder Sridhar Vembu called the update “one of the most important in Arattai’s history,” emphasizing user privacy and no data monetization.
- He confirmed on X around 3:55 AM GMT (9:25 AM IST) on November 18 that the rollout was successful and urged users to update their apps.
How Encryption Works
- Messages, photos, videos, voice notes, documents, locations, and calls are fully encrypted.
- Encryption keys are stored only on users’ devices, with unique keys per message for forward secrecy.
- Multi-device support allows up to five linked devices with secure sessions.
Background and Timeline
- October-November posts from Zoho leadership confirmed development, testing with 6,000 employees, and the final decision to make E2EE mandatory.
- The update required a major backend redesign, shifting from cloud storage to device-only encryption.
Why It Matters
- Brings Arattai in line with global secure messaging standards like WhatsApp and Signal.
- Supports India’s data-sovereignty goals, with all user data stored on Indian servers.
- Addresses a key user demand and may boost adoption after earlier declines.
Privacy and Security Features Comparison of Top Messaging Apps in India (2025)
Aspect | Signal | WhatsApp | Telegram | Arattai |
End-to-End Encryption (E2EE) | Default for all messages and calls | Default for all one-to-one and group chats and calls; encrypted backups recently introduced | Only "Secret Chats" are E2EE; regular chats are encrypted but stored on Telegram servers | Recently rolled out mandatory E2EE for one-to-one chats; group chat and backup encryption are still rolling out |
Data Collection | Minimal; no metadata collection beyond essential info | Collects metadata extensively; shares data with Meta | Limited metadata collection; stores data on its own servers | Collects minimal data; emphasizes no tracking or monetization of user data |
Data Hosting | Global servers | Global servers | Global servers | All Indian user data stored exclusively on Indian servers (data localization) |
Ownership | Non-profit, privacy-focused organization | Meta (Facebook) | Telegram LLP, based in Dubai | Zoho Corporation, Chennai-based Indian company |
Ads/Monetization | None | None in personal chats but shares metadata for ads and business purposes | None | No ads, no tracking, no third-party data sharing |
Group Chat Encryption | Yes, full E2EE | Yes, full E2EE | No, group chats are not E2EE | Rolling out; not yet fully implemented but planned |
Backup Encryption | End-to-end encrypted backups supported | Recently introduced encrypted backups | Not end-to-end encrypted; stored on servers | Planned, not yet fully implemented |
Privacy Features | Self-destructing messages, screen security, minimal metadata | Two-step verification, encrypted backups, business chat controls | Self-destructing messages, passcodes, anonymity options | App lock, no ads, no tracking, multi-device support, made-in-India data sovereignty |
User Base in India | Niche but respected for privacy | Largest user base in India | Popular among tech-savvy users | Growing rapidly, backed by Indian government support and "Make in India" initiative |