WhatsApp is making a big security change - here's how it affects you


WhatsApp has revealed a new open source browser extension to help further protect those who use its online messaging service.

The company has teamed up with web infrastructure company Cloudflare to launch Code Verify, which they say provides independent, third-party, transparent verification of the code users are served on WhatsApp Web.

This ensures that your WhatsApp Web code hasn't been tampered with or altered.


While WhatsApp protects the personal messages sent on WhatsApp Web using end-to-end encryption as they transit from sender to recipient, there are numerous factors that can weaken the security of a web browser that don't exist in the mobile app space. 

At the same time, as mobile operating systems such as iOS and Android were created after the web, the security guarantees on mobile can be stronger, particularly when it comes to how app stores review and approve each new app and software update.

In addition to deploying Code Verify for WhatsApp Web, WhatsApp is also offering it as open source software on GitHub so that other services can use it as well.

Code Verify

Subresource integrity is a security feature that allows web browsers to verify that the resources they fetch haven't been manipulated. It only applies to single files, however, and Code Verify expands on the concept to check the resources of an entire webpage.

In order to do this at scale though, WhatsApp has partnered with Cloudflare to act as a trusted third party. In fact, the company has given Cloudflare a cryptographic hash source of truth for WhatsApp Web's JavaScript code so that when someone uses Code Verify, the extension automatically compares the code running on WhatsApp Web against the version of the code it verified and published on Cloudflare.
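The comparison described above, as an added Node.js example (not code from WhatsApp, Meta or Cloudflare, and not the extension's actual manifest format): per-file SRI-style digests are collected into a manifest that stands in for the copy held by the third party, and the client checks every script it was served against it. The script paths and contents are constructed sample data.

```javascript
const { createHash } = require('crypto');

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// SRI-format digest of a single resource: "sha384-<base64>".
function sriDigest(body) {
  return 'sha384-' + createHash('sha384').update(body).digest('base64');
}

// Publisher side: one digest per script, handed to the trusted third party.
function buildManifest(scripts) {
  const manifest = {};
  for (const url of Object.keys(scripts)) manifest[url] = sriDigest(scripts[url]);
  return manifest;
}

// Client side: compare every script actually served with the published manifest.
// Per-file SRI alone would not notice a script that was never listed at all.
function verifyPage(served, published) {
  const report = { modified: [], unexpected: [] };
  for (const url of Object.keys(served)) {
    if (!has(published, url)) report.unexpected.push(url);
    else if (sriDigest(served[url]) !== published[url]) report.modified.push(url);
  }
  report.ok = report.modified.length === 0 && report.unexpected.length === 0;
  return report;
}

// Constructed sample data (hypothetical paths and contents).
const release = {
  '/app.js': 'function send(msg) { return encrypt(msg); }',
  '/vendor.js': 'const version = "1.0";',
};
const published = buildManifest(release);

// Same page with one file altered and one file added after publication.
const tampered = {
  ...release,
  '/app.js': 'function send(msg) { leak(msg); return encrypt(msg); }',
  '/extra.js': 'console.log("not in the manifest");',
};

console.log(verifyPage(release, published));
console.log(verifyPage(tampered, published));
```

The check is only as trustworthy as the channel the published manifest arrives over, which is why the article's design has a separate party hold it rather than the site serving the code.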

The Code Verify extension is offered by Meta Open Source and will be available on the official browser extension stores for Google Chrome, Microsoft Edge and Mozilla Firefox.

In a blog post, WhatsApp highlights the fact that its new extension doesn't log any data, metadata or user data and it also doesn't share any information with the service itself. Messages that users send and receive using WhatsApp Web are not read or accessed by the company, and neither it nor its parent company Meta will even know whether or not someone has downloaded the Code Verify extension.

Once installed, the extension will run automatically whenever you go to WhatsApp Web and will act as a real-time alert system for the code you're being served. You can also pin the extension to your browser's toolbar to see its findings without any additional steps.

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
