Arattai Set for Major Security Boost as Zoho’s Sridhar Vembu Confirms Mandatory End-to-End Encryption Rollout
Zoho’s homegrown messaging platform Arattai is gearing up for one of its most significant transformations since launch, with mandatory end-to-end encryption (E2EE) set to roll out across the app. Zoho co-founder and Chief Scientist Sridhar Vembu announced the development on Sunday, confirming that the new security model, backed by a redesigned architecture, is now in its final testing phase.
Vembu revealed that the company has opted for a full-scale deployment of compulsory encryption, starting first with one-to-one conversations. Group chats will follow shortly after once the initial wave is confirmed stable. Describing the upgrade as a “drastic change,” Vembu noted that the shift required deep engineering work, making it one of the most complex enhancements Arattai has undertaken.
To ensure a smooth transition, Zoho has already put the new build into the hands of approximately 6,000 employees. These internal testers are rigorously assessing the updated architecture, reporting issues, and validating fixes. According to Vembu, several bugs surfaced during the first round of testing but were resolved quickly. A fresh build is now undergoing another validation cycle.
If all goes according to plan, the new encryption system will be pushed to users within days. Since the entire messaging backbone is being upgraded, the rollout will arrive as a mandatory update for all Arattai users.
“If all goes well, we plan to deploy in a few days. It will be a forced upgrade on all because it is a drastic change,” Vembu said.
Interestingly, the updated version of the app is already available for download on app stores, but the new encryption layer remains inactive for now. Zoho has embedded the required cryptographic framework into the build, and the encryption will be switched on remotely once the final tests conclude successfully. Users can also expect general performance improvements, including a faster and more refined interface.
The company has been transparent about the challenges involved. Responding to a curious user’s technical question on X (formerly Twitter) regarding protocol-level changes—such as key rotation strategies or metadata reduction—Vembu clarified that the fundamental encryption protocol remains intact.
“The protocol level stuff works fine because that has been stable code. The issues we identified were in the mandatory switch over process itself, and also in transferring larger files,” he explained. “The switch over process has been refined now (but we have to do this for millions of users at once, so keeping fingers crossed until it is done). Large file transfer causes memory issues in Android (iPhone works fine) and we are fixing that now.”
By moving to mandatory E2EE, Arattai strengthens its position as a secure communication platform at a time when digital privacy concerns continue to grow. As the rollout nears completion, users can expect a more robust, reliable, and privacy-focused messaging experience in the days ahead.