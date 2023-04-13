When it comes to messaging platforms, there are many different options to choose from, but WhatsApp consistently ranks at the top of lists as one of the best messaging apps available thanks to its robust set of features, enhanced security, and ease of use. While things with the app are still great, over the coming months, WhatsApp will be bringing enhancements to the app's security, ensuring that its users have the best protections available.

Source: Meta

If you're a WhatsApp user, you'll know that the company doesn't make it easy when it comes to switching from and one device to another. While that might some day be a thing of the past with the eventual release of 'companion mode', it still wants to keep things as secure as possible, in order to prevent an account from being hijacked and transferred without authorization. According to the WhatsApp blog, this is where the company's new 'Account Protect' initiative comes into play, as it will request authorization and verification on the old device before the account is transferred to a new handset or tablet.

Device Verification is another method that WhatsApp will use to keep users and their accounts secure. There's a deep dive into the technology behind this feature on the Engineering at Meta website, and while technical, requires no interaction or input from the user, as it will be active at all times. Although WhatsApp is known for its end-to-end encryption, there are times when malware can interfere with this secure environment. These infections can interfere with the way the app functions, sometimes even sending out messages without the user's permission or knowledge.

WhatsApp shares that although its authentication keys are safe, there could be instances where rogue apps can steal this information. One such example of this is an unauthorized third party WhatsApp client. If the authentication key is compromised in this manner, a bad actor could use this information to impersonate the user in chat, sending out unwanted messages and images, while also trying to perpetrate scams. Not only is this bad for the user, but bad for everyone else involved, as it can be hard to tell what's really going on. Device Verification will use three new parameters to prevent this kind of activity from occurring in the future.

Device Verification introduces three new parameters: A security-token that’s stored on the users` device. A nonce that is used to identify if a client is connecting to retrieve a message from WhatsApp server. An authentication-challenge that is used to asynchronously ping the users` device. These three parameters help prevent malware from stealing the authentication key and connecting to WhatsApp server from outside the users` device read more

Now, if you're a WhatsApp user on Android, this feature has already been rolled out, so it's probably a good idea to update to the latest build. But if you're on iOS, this important security feature has yet to roll out, so be vigilant as the update is set to arrive in the coming months. In addition to the above, WhatsApp will also enhance its current security code verification feature. In its current form, users can check the code by going to a user's profile, but the company will begin to implement something called 'Key Transparency' in order to make it easier for its users to verify the code.

Source: Meta

WhatsApp will begin using an Auditable Key Directory (AKD) that will allow users to easily and more quickly validate a code going forward. The company has outlined its approach with this new method below.

Our approach to key transparency is two-pronged and introduces two new components: The server (WhatsApp) maintains an append-only AKD of public keys mapped to user accounts. A third-party audit record, wherein any change in the server directory is recorded in a publicly available, privacy-preserving audit record for anyone to verify. read more

While this new method is secure and much faster, WhatsApp does state that the traditional security code verification will be the best option for users if they don't want a feature that relies on its servers. Of course, you're welcome to check out all the details about the technology, as stated on the Engineering at Meta website. If you have yet to try a messaging app, it's a great time to try one, as it offers plenty of benefits over traditional messaging apps.