Meta-owned WhatsApp has on April 13 announced a slew of new features including automated security codes, device verification, and extra checks while moving accounts to another device, as the company looks to bolster its messaging app with additional layers of privacy and security.
"At WhatsApp, we believe that your messages should be as private and secure as an in-person conversation. Protecting your personal messages with default end-to-end encryption is the foundation of that security," the messaging app said in a statement.
These features are expected to be rolled out to all WhatsApp users across the world in the coming months, it said.
Whenever users want to move their WhatsApp accounts to a new device, a new feature called Account Protect will now ask them on the old device to verify whether they want to take this step as an extra security check, in order to alert any unauthorized attempt to move the account to another device.
Further, WhatsApp announced that it has added back-end checks to help authenticate accounts to help prevent attackers from using mobile device malware to send unwanted messages using the messaging app from compromised devices.
This feature is part of the company's broader work to increase security for its users from the rising threat of malware and requires no action from users, the company stated in a blogpost.
It said this feature has been rolled out to all of its users on Android and they are currently in the process of rolling it out to iOS users.
WhatsApp is also introducing a new feature that will allow users to automatically verify that they have a secure connection while chatting with their contact.
It's worth noting that the world's largest messaging app already offers a security code verification feature, that helps users ensure they are chatting with the intended recipient, by validating the security keys with a quick QR code scan or sharing the unique 60-digit code. However, this process is a bit cumbersome and one needs to check it manually by going to the encryption tab under a contact’s info.
WhatsApp said the new feature will automatically verify a secure connection without the need for sharing the 60-digit code, thereby making the process easier and more accessible to everyone.
To achieve this, WhatsApp mentioned in a blogpost that it has developed a new Auditable Key Directory (AKD), that is based on an open-sourced library, and maintains public keys mapped to user accounts. This library will enable WhatsApp clients to automatically validate that a user’s encryption key is genuine and enables anyone to verify audit-proofs of the directory’s correctness, the company said.
"The public keys are only a tool that users have to encrypt their messages. The private key - which is used to decrypt messages - are on user devices. Nobody - not even WhatsApp - has access to those private keys. A list of public keys alone cannot provide access to anyone’s content," WhatsApp noted in the blogpost.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
