WhatsApp on Friday launched a web browser extension called Code Verify that lets users check if the web version of WhatsApp they are using on their systems is authenticated. The web extension automatically verifies the authenticity of the WhatsApp web code provided to users and ensures that their messaging experience is secure and has not been tampered with, Meter-owned company said. The Code Verify extension has been developed in partnership with CloudFlare, a web infrastructure and security company. It is available as an open source project that allows other companies, groups and individuals to integrate the same experience for their app. Open sourcing will help developers around the world contribute to improve extensions over time.
Available for download on Chrome, Firefox and Edge, the Code Verification extension checks for resources on the entire webpage to verify the authenticity of the code when you open WhatsApp Web in your mobile or desktop browser.
“We’ve given CloudFlare a true cryptographic hash source for the JavaScript code on the WhatsApp web. When someone uses Code Verify, the extension automatically compares the code running on the WhatsApp web with the version of the code verified by WhatsApp and published in Cloudflare, “the instant messaging app said in a blog post.
Once the code is verified by the extension, it lets users know if the web client they are using is authenticated.
The Code Verify extension runs automatically when you use WhatsApp Web in your browser. It shows a checkmark in a green circle when it is pinned to your browser’s toolbar to reflect that your WhatsApp web code has been fully verified.
If the extension is unable to verify the code served to you in the messaging app’s web client, you will receive three separate messages – depending on the problem.
- Network Timeout: If your page cannot be verified because your network timed out, your Code Verification extension will display an orange circle with a question mark.
- Potential Risk Identified: If one or more extensions interfere with your ability to verify the page, your code verification extension will display an orange circle with a question mark.
- Validation Failure: If the extension detects that the code you are using to run WhatsApp Web is not the same as the code that everyone else is using, the code verification icon will turn red and show an exclamation mark.
You can see more information about validity when it is green, orange or red by clicking on the code verification extension icon in your toolbar. If there is a problem, you can hit Learn more Buttons to learn more about how you can solve authentication problems. You can download the source code if you want to further investigate the issue or have it verified by an organization.
WhatsApp code verification will show different verification alerts – depending on the condition of the code
Photo Credit: WhatsApp
One of the primary reasons for launching a browser extension to verify the authenticity of WhatsApp is to protect users from unknowingly using a malicious version of the messaging service. It serves as a real-time alert to let users know if they are using authenticated WhatsApp web in their browser.
Protecting users has become really important in the web version of WhatsApp – just like how it tries to protect mobile apps – since it has recently enabled users to access messaging services on multiple devices simultaneously. The company said in a blog post that since the introduction of the multi-device capability, it has increased the number of people accessing WhatsApp through their web browsers via the WhatsApp web.
WhatsApp notes on a FAQ page that the new extension does not log any data, metadata or user data and does not share any information with WhatsApp. The extension does not read or access your messages, the company said. This promises that neither WhatsApp nor Meta will know if anyone has downloaded the extension.
Unlike a mobile app where developers have the ability to protect users only through authenticated App Stores – such as Apple’s App Store and Google Play Store – and by rolling out regular updates, web clients typically do not have that level of protection. Things can go wrong if you download a malicious extension or visit a suspicious webpage from your browser. Thus, it is understandable for WhatsApp to introduce a native web extension to verify the code and inform users of any tampering issues.
That said, code tampering is not the only security flaw that can affect WhatsApp web users. It is still vulnerable and could allow hackers to gain access to your system or block phishing attacks through malicious links.
Users are therefore advised to always avoid clicking on any annoying links and to interact with suspicious people online. WhatsApp has also provided a mechanism to help report suspicious and spam accounts.