A peek into the tech behind WhatsApp’s new multi-device feature
Rolling out to a select number of users
What’s the challenge for secure multi-device communication?
Having multiple devices connected to an account for a chat app is not new. Telegram, for instance, uses its cloud to let you use the app on multiple devices independently. However, these messages are not protected by end-to-end encryption — a marquee feature for WhatsApp.
Currently, WhatsApp uses your phone to generate keys for end-to-end encryption. Your desktop clients are just mirrors for that. For multi-device communication, that method is not effective. So WhatsApp needs to store secure combinations of identities of all your linked devices.
Plus, the company says it has developed a technology calledAutomatic Device Verification to verify your linked devices automatically when sending messages. Till now, if you had to link a device — mostly your desktop client — to your phone’s WhatsApp account, you had to scan a QR code. But for the multi-device function, you’ll also need to provide biometric authentication.
How WhatsApp plans to facilitate secure communication with the multi-device features?
When there is only one source device, it’s easy to generate an encryption channel, and have the desktop client rely on the source’s channel. However, when you have multiple devices linked to an account, this architecture needs to change. When this feature rolls out, WhatsApp will establish multiple secure channels of two types: from your source to other devices and from your source to the sender’s device.
When you’ll send a message to a friend, WhatsApp will first send it to a server. That server will send the message to all your devices for syncing, and to your friend through multiple end-to-end encrypted secure channels. The company says that the server doesn’t store any of your messages.
For securing calls, the app plans to use a protocol called Secure Real-time Transport Protocol (SRTP). Through this, when you initiate a call, all of your friend’s linked devices receive 32-bit SRTP master secret keys. When your friend receives a call from one of these devices, a secure connection is established through the SRTP master key generated for that device.
The company said that the new technology also helps you maintain message history across devices that are protected by end-to-end encryption. It hasn’t provided any timeline as to when it plans to roll this feature out to the masses, but we’ll keep an eye on it.
You can read more about how WhatsApp plans to use encryption across devices inthis whitepaper.
Story byIvan Mehta
Ivan covers Big Tech, India, policy, AI, security, platforms, and apps for TNW. That’s one heck of a mixed bag. He likes to say “Bleh.“Ivan covers Big Tech, India, policy, AI, security, platforms, and apps for TNW. That’s one heck of a mixed bag. He likes to say “Bleh.”
Get the TNW newsletter
Get the most important tech news in your inbox each week.
