WhatsApp launches multi-device beta with support for end to end encryption
An infrastructure change means up to four devices can be attached to a single account without compromising security or privacy, company claims
WhatsApp has launched a limited beta test of a new feature that will allow users to run the chat app on up to four different devices simultaneously.
The new feature, which the company claims has required an infrastructure overhaul, will support WhatsApp on a mobile phone and four other non-phone devices, such as a tablet and desktop PC.
To achieve this, the company said it had made significant changes to the platform's architecture for it to work across multiple devices while also supporting end to end encryption.
WhatsApp already has a feature which allows the app to be ported to a desktop machine - be it macOS, Windows, or Portal - but that keeps the user's phone as the "source of truth" or primary device. This is where the desktop maintains a persistent connection with the phone and simply mirrors content from the mobile on screen. If the smartphone runs out of battery, this connection is lost.
To get around this, and maintain its encryption standards, WhatsApp has changed the way it stores user information on its servers and the way it uses identity keys. Previously, keys were attributed to just the user, however WhatsApp servers will now maintain a map of each person's account via their devices.
Now, when a user wants to send a message, they will get their device list keys from the server. In order to reduce the number of times they need to perform identity verifications, WhatsApp has added a new system, called Automatic Device Verification, that allows the user's devices to automatically establish trust.
How to maximise the value of your data and apps with IaaS
Free yourself from infrastructure complexityDownload now
End-to-end encryption is achieved on WhatsApp by placing both sender and receiver into a "pairwise encrypted session" - essentially a secure data plane. For multi-device communications, WhatsApp is adopting a 'client-fanout' approach where the sender encrypts and transmits to each of the receiver's different devices.
Messages are not stored on the server after they are delivered, according to WhatsApp, and groups will still use the same scalable Sender Key encryption scheme from the Signal Protocol.
Adding new devices will still be done through the mobile app, with QR codes, though it will now need biometric authentication. Users will also be able to see which devices are in their accounts and remotely log out of them if needed.
The ultimate law enforcement agency guide to going mobile
Best practices for implementing a mobile device programFree download
The business value of Red Hat OpenShift
Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShiftFree download
Managing security and risk across the IT supply chain: A practical approach
Best practices for IT supply chain securityFree download
Digital remote monitoring and dispatch services’ impact on edge computing and data centres
Seven trends redefining remote monitoring and field service dispatch service requirementsFree download