WhatsApp is making a big security change - here's how it affects you

News
By last updated

New Code Verify extension adds an extra layer of security to WhatsApp Web

WhatsApp web code verify extension
(Image credit: WhatsApp)

WhatsApp has revealed a new open source browser extension to help further protect those who use its online messaging service.

The company has teamed up with web infrastructure company Cloudflare to launch Code Verify, which they say provides independent, third-party, transparent verification of the code users are served on WhatsApp Web

This ensures that your WhatsApp Web code hasn't been tampered with or altered.

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

While WhatsApp protects the personal messages sent on WhatsApp Web using end-to-end encryption as they transit from sender to recipient, there are numerous factors that can weaken the security of a web browser that don't exist in the mobile app space. 

At the same time, as mobile operating systems such as iOS and Android were created after the web, the security guarantees on mobile can be stronger, particularly when it comes to how app stores review and approve each new app and software update.

In addition to deploying Code Verify for WhatsApp Web, WhatsApp is also offering it as open source software on GitHub so that other services can use it as well.

Code Verify

Subresource integrity is a security feature that allows web browsers to verify that the resources they fetch haven't been manipulated and while this only applies to single files, Code Verify expands on the concept to check the resources of an entire webpage.

In order to do this at scale though, WhatsApp has partnered with Cloudflare to act as a trusted third party. In fact, the company has given Cloudflare a cryptographic hash source of truth for WhatsApp Web's JavaScript code so that when someone uses Code Verify, the extension automatically compares the code running on WhatsApp Web against the version of the code it verified and published on Cloudflare.

Read More

> WhatsApp update is borrowing another feature from Messenger and Instagram

> This WhatsApp update is adding a super helpful online shopping tool

> Meta is building WhatsApp into its workplace collaboration platform

The Code Verify extension is offered by Meta Open Source and will be available on the official browser extension stores for Google Chrome, Microsoft Edge and Mozilla Firefox

In a blog post, WhatsApp highlights the fact that its new extension doesn't log any data, metadata or user data and it also doesn't share any information with the service itself. Messages that users send and receive using WhatsApp Web are not read or accessed by the company and neither it or its parent company Meta will even know whether or not someone has downloaded the Code Verify extension.

Once installed, the extension will run automatically whenever you go to WhatsApp Web and will act as a real-time alert system for the code you're being served. You can also pin the extension to your browser's toolbar to see its findings without any additional steps.

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
A finger touching the google chrome icon in the Windows 10 start menu
A new Chrome browser highjacking attack could affect billions of users - here's how to fight it
Young woman holds a smartphone with a beam of light obscuring her eyes
Privacy powerhouses: 5 apps to take your online security to the next level
Telegram
Telegram rolls out third-party account verification
Bangalore, India - October, 10, 2024: Close up image of WhatsApp logo on a windows desktop running windows 11. Windows on Desktop.
How to use WhatsApp on desktop
In this photo illustration a Google Play logo seen displayed on a smartphone.
The end of fake VPNs? Google Play Store now shows which VPNs are secure enough to be trusted
chrome firefox extensions
Google Chrome extensions hit in major attack - dozens of developers affected, so be on your guard
Latest in Security
Close up of a person touching an email icon.
Criminals are using CSS to get around filters and track email usage
DeepSeek on a mobile phone
More US government departments ban controversial AI model DeepSeek
Ransomware
Fortinet firewall bugs are being targeted by LockBit ransomware hackers
Trojan
Microsoft warns of a devious new RAT malware which can avoid detection with apparent ease
NordProtect logo
Standalone identity theft protection from Nord Security is now available
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
Ofcom cracks down on UK tech firms, will issue sanctions for illegal content
Latest in News
Perplexity Squid Game Ad
New ad declares Squid Game's real winner is Perplexity AI
Frank Grimes confronts Homer Simpson in The Simpsons&#039; Homer&#039;s Enemy episode
Disney+ adds a new continuous Simpsons stream, so you no longer have to spend ages choosing an episode
Helly and Mark standing on an artificial hill surrounded by goats in Severance season 2 episode 3
New Apple teaser for Severance season 2 finale suggests we might finally find out what Lumon is doing with those goats, and I don't think it's anything good
Foldable iPhone
Apple’s first foldable iPhone could beat the Samsung Galaxy Z Fold 7 in one key way
Marvel Rivals
Marvel Rivals' next update will add two new hero skins for Iron Man and Spider-Man mains this week
Nvidia Isaac GROOT N1
“The age of generalist robotics is here" - Nvidia's latest GROOT AI model just took us another step closer to fully humanoid robots
More about security
Robotic hand clicking on captcha &#039;I am not a robot&#039;.

Fake CAPTCHAs are being used to spread malware - and we only have ourselves to blame
Close up of a person touching an email icon.

Criminals are using CSS to get around filters and track email usage
Nvidia Earth-2 weather models

Nvidia has updated its virtual recreation of the entire planet - and it could mean better weather forecasts for everyone
See more latest
Most Popular
Nvidia Earth-2 weather models
Nvidia has updated its virtual recreation of the entire planet - and it could mean better weather forecasts for everyone
Sennheiser HD 550 headphones profile shot
Sennheiser announces new HD 550 headphones with high-quality audio for gamers and audiophiles
Perplexity Squid Game Ad
New ad declares Squid Game's real winner is Perplexity AI
Frank Grimes confronts Homer Simpson in The Simpsons&#039; Homer&#039;s Enemy episode
Disney+ adds a new continuous Simpsons stream, so you no longer have to spend ages choosing an episode
Foldable iPhone
Apple’s first foldable iPhone could beat the Samsung Galaxy Z Fold 7 in one key way
Robotic hand clicking on captcha &#039;I am not a robot&#039;.
Fake CAPTCHAs are being used to spread malware - and we only have ourselves to blame
Nvidia DGX Station
Nvidia’s DGX Station brings 800Gbps LAN, the most powerful chip ever launched in a desktop workstation PC
NVIDIA RTX PRO 6000 Blackwell Server Edition
Nvidia launches its fastest GPU ever: Nvidia RTX Pro 6000 Blackwell Workstation Edition is an enhanced version of the RTX 5090 with more of everything
A still from the movie She Will
Everything leaving Hulu in April 2025
Nvidia Blackwell Ultra
Nvidia GTC 2025: New Blackwell Ultra GPU series is the most powerful AI hardware yet