WhatsApp introduce a Web browser extension call as Code Verify that lets users check whether the WhatsApp Web version they are using on their system is authenticate. The Web extension automatically verifies the authenticity of the WhatsApp Web code being serve to the users and confirms that their messaging experience is secure and not tamper with, the company owned by Meta said.
The Code Verify extension has been develop in partnership with Cloudflare, a Web infrastructure and security company.
It’s available as an open-source project to let other companies, groups, and individuals integrate the same experience for their apps.
Open-sourcing will also help receive contributions from developers around the world to improve the extension over time.
Available for download on Chrome, Firefox, and Edge, the Code Verify extension checks for the resources on the entire webpage to verify the authenticity of the code when you open WhatsApp Web on your mobile or desktop browser.
CLICK HERE TO DOWNLOAD THE BROWSER EXTENSION
WhatsApp Said in blog post :
“We’ve given Cloudflare a cryptographic hash source of truth for WhatsApp Web’s JavaScript code. When someone uses Code Verify, the extension automatically compares the code that runs on WhatsApp Web against the version of the code verified by WhatsApp and published on Cloudflare,”
When the code is verified by the extension, it notifies users whether the Web client they are using is authenticate.
The Code Verify extension runs automatically when you use WhatsApp Web on your browser.
It shows a checkmark in a green circle when it is pin to the toolbar of your browser to reflect that the code of your WhatsApp Web has been fully validate.
In case the extension is unable to validate the code that has been serve to you on the Web client of the messaging app, you will get three distinct messages, depending on the issue.
Network Timed Out
If your page can’t be validate because your network has timed out, your Code Verify extension will display an orange circle with a question mark.
Possible Risk Detected
If one or more of your extensions is interfering with its ability to verify the page, your Code Verify extension will display an orange circle with a question mark.
Validation Failure
If the extension detects that the code you’re using to run WhatsApp Web is not the same as the code everyone else is using, the Code Verify icon will turn red and show an exclamation mark.
You can see more information about the validation by clicking on the Code Verify extension icon in your toolbar when it is green, orange, or red.
If there is an issue, you can hit the Learn More button to know more about how you can solve the authentication problem.
You can also download the source code if you want to investigate the issue further or get it verified by an agency.
One of the primary reasons for WhatsApp to introduce a browser extension to verify its authenticity is to help protect users from unknowingly using any malicious versions of the messaging service.
It acts as a real-time alert system to let users know whether they are using the authenticated WhatsApp Web on their browser.
It has indeed become important for WhatsApp to protect users on its Web version, just like how it is trying to protect on the mobile app, since it recently enable users to access the messaging service simultaneously on multiple devices.
The company said in its blog post that since the introduction of the multi-device capability, it has seen an increase in people accessing WhatsApp through their Web browser via WhatsApp Web.
WhatsApp notes in an FAQ page that the new extension doesn’t log any data, metadata, or user data, and doesn’t share any information with WhatsApp.
This extension also doesn’t read or access your messages, the company said.
It also promises that neither WhatsApp nor Meta will know whether someone has downloaded the extension.
Unlike a mobile app where developers have the ability to protect users by giving access only through authenticated app stores, like Apple’s App Store and Google Play store, and by rolling out regular updates, Web clients normally don’t have that level of protection.
Things could also go wrong if you download a malicious extension or visit a suspicious webpage from your browser.
It makes sense for WhatsApp to introduce a native Web extension to validate the code and notify users in case of any tampering issues.
Code tampering is not the only security flaw that could impact users on WhatsApp Web.
It is still vulnerable and could let hackers gain access to your system or trap you into phishing attacks via malicious links.
Users are recommend to always avoid clicking on any pesky links and avoid interacting with suspicious people online.
WhatsApp has also given a mechanism to help report suspicious and spam accounts.
