WhatsApp on Friday introduced a Web browser extension called Code Verify that lets users check whether the WhatsApp Web version they are using on their system is authenticated.
Available for download on Chrome, Firefox, and Edge, the Code Verify extension checks for the resources on the entire webpage to verify the authenticity of the code when you open WhatsApp Web on your mobile or desktop browser.
The Web extension automatically verifies the authenticity of the WhatsApp Web code being served to the users and confirms that their messaging experience is secure and not tampered with, the company owned by Meta said.
The Code Verify extension has been developed in partnership with Cloudflare, a Web infrastructure and security company. It’s available as an open-source project to let other companies, groups, and individuals integrate the same experience for their apps. Open-sourcing will also help receive contributions from developers around the world to improve the extension over time.
“We’ve given Cloudflare a cryptographic hash source of truth for WhatsApp Web’s JavaScript code. When someone uses Code Verify, the extension automatically compares the code that runs on WhatsApp Web against the version of the code verified by WhatsApp and published on Cloudflare,” the instant messaging app said in a blog post.
Once the code is verified by the extension, it notifies users whether the Web client they are using is authenticated.
Ads by
The Code Verify extension runs automatically when you use WhatsApp Web on your browser. It shows a checkmark in a green circle when it is pinned to the toolbar of your browser to reflect that the code of your WhatsApp Web has been fully validated.
In case the extension is unable to validate the code that has been served to you on the Web client of the messaging app, you will get three distinct messages — depending on the issue.
One of the primary reasons for WhatsApp to introduce a browser extension to verify its authenticity is to help protect users from unknowingly using any malicious versions of the messaging service. It acts as a real-time alert system to let users know whether they are using the authenticated WhatsApp Web on their browser.
It has indeed become important for WhatsApp to protect users on its Web version — just like how it is trying to protect on the mobile app — since it recently enabled users to access the messaging service simultaneously on multiple devices. The company said in its blog post that since the introduction of the multi-device capability, it has seen an increase in people accessing WhatsApp through their Web browser via WhatsApp Web.
Unlike a mobile app where developers have the ability to protect users by giving access only through authenticated app stores — like Apple’s App Store and Google Play store — and by rolling out regular updates, Web clients normally don’t have that level of protection. Things could also go wrong if you download a malicious extension or visit a suspicious webpage from your browser. It, thus, makes sense for WhatsApp to introduce a native Web extension to validate the code and notify users in case of any tampering issues.
Having said that, code tampering is not the only security flaw that could impact users on WhatsApp Web. It is still vulnerable and could let hackers gain access to your system or trap you into phishing attacks via malicious links.
Users are, therefore, recommended to always avoid clicking on any pesky links and avoid interacting with suspicious people online. WhatsApp has also given a mechanism to help report suspicious and spam accounts.
Unlike a mobile app where developers have the ability to protect users by giving access only through authenticated app stores — like Apple’s App Store and Google Play store — and by rolling out regular updates, Web clients normally don’t have that level of protection. Things could also go wrong if you download a malicious extension or visit a suspicious webpage from your browser. It, thus, makes sense for WhatsApp to introduce a native Web extension to validate the code and notify users in case of any tampering issues.
Having said that, code tampering is not the only security flaw that could impact users on WhatsApp Web. It is still vulnerable and could let hackers gain access to your system or trap you into phishing attacks via malicious links.
WhatsApp Desktop May Let Users React to Messages Using Right-Click Menu
How to Identify Fake News, Misinformation in WhatsApp
WhatsApp Users Could Soon Create Group Polls and Vote
WhatsApp Bans 18.58 Lakh Indian Accounts in January