WhatsApp launches multi-device beta with support for end-to-end encryption
WhatsApp has launched a limited beta test of a new feature that will allow users to run the chat app on up to four different devices simultaneously.
The new feature, which the company claims has required an infrastructure overhaul, will support WhatsApp on a mobile phone and four other non-phone devices, such as a tablet and desktop PC.
To achieve this, the company said it had made significant changes to the platform’s architecture for it to work across multiple devices while also supporting end to end encryption.
WhatsApp already has a feature which allows the app to be ported to a desktop machine – be it macOS, Windows, or Portal – but that keeps the user’s phone as the “source of truth” or primary device. This is where the desktop maintains a persistent connection with the phone and simply mirrors content from the mobile on screen. If the smartphone runs out of battery, this connection is lost.
To get around this, and maintain its encryption standards, WhatsApp has changed the way it stores user information on its servers and the way it uses identity keys. Previously, keys were attributed to just the user, however WhatsApp servers will now maintain a map of each person’s account via their devices.
Now, when a user wants to send a message, they will get their device list keys from the server. In order to reduce the number of times they need to perform identity verifications, WhatsApp has added a new system, called Automatic Device Verification, that allows the user’s devices to automatically establish trust.
End-to-end encryption is achieved on WhatsApp by placing both sender and receiver into a “pairwise encrypted session” – essentially a secure data plane. For multi-device communications, WhatsApp is adopting a ‘client-fanout’ approach where the sender encrypts and transmits to each of the receiver’s different devices.
Messages are not stored on the server after they are delivered, according to WhatsApp, and groups will still use the same scalable Sender Key encryption scheme from the Signal Protocol.
Adding new devices will still be done through the mobile app, with QR codes, though it will now need biometric authentication. Users will also be able to see which devices are in their accounts and remotely log out of them if needed.
© Dennis Publishing
Professional Development for IT professionals
The mission of the Irish Computer Society is to advance, promote and represent the interests of ICT professionals in Ireland. Membership of the ICS typically reduces courses by 20%. Find out more