Following a change in its privacy policy that led to an outbreak of competing applications such as Signal and Telegram, WhatsApp is adding a new layer of security to the process of linking an account to a computer. The messaging service owned by Facebook is now working on an update that will allow users to use biometrics on their phone for verification.
Any device that is compatible with its biometric authentication – whether it be fingerprint, face or iris unlocking – can benefit from this security feature. There is no support for conventional options like PIN, pattern or password unlocking. What is noteworthy is that the app will only charge biometrics when you connect the account to a computer for the first time.
WhatsApp is also extremely careful with its communication this time around and has already made it clear that the company does not have access to the biometric information stored by your device’s operating system.
The new update does not appear to be live yet, but you should expect it to arrive in the coming days. The company also promises that by 2021 ‘it will add much more functionality to its desktops and web clients. This can be a reference to support for voice and video calls or login for multiple devices.
Device connection safety
While WhatsApp was first created for mobile, hundreds of millions of people worldwide today use WhatsApp on their computer via our desktop applications and WhatsApp Web.
This year we are going to add a lot more features to our applications for Mac and Windows as well as the internet. We want WhatsApp Web and desktop to be just as robust as our mobile applications, allowing people to communicate privately and securely in the way that is best for them, in the palms of their hands or on their computers.
Today we put even more security on WhatsApp Web and desktop, and add an extra layer of protection when you want to connect your WhatsApp account to your computer.
To do this, we use the unlocking of the face or fingerprint where it is available on the mobile operating system. To connect WhatsApp Web or Desktop to your WhatsApp account, you will do so now asked to use your face or fingerprint lock on your phone before scanning a QR code from the phone to pair your device.
This will limit the chance that a roommate or an official (when we have it again) can connect devices without you to your WhatsApp account. It builds on our existing security measures, which today alert you to your phone when logging in to the web / desktop, and the ability to disconnect devices from your phone at any time.
The face and fingerprint verification takes place in a privacy-preserving way. WhatsApp is by design not accessing the biometric information stored by your device’s operating system.
The new security update for pairing devices will be introduced to users with compatible devices in the coming weeks, along with a visual redesign of the WhatsApp website on phones.
——
Additional background
- To connect WhatsApp Web, Desktop or Portal to your WhatsApp account, if you have enabled biometric authentication on your device, this update means that you now need to verify your identity using the face or fingerprint unlock on your phone.
- After verifying your identity, you can set up WhatsApp Web as usual by opening WhatsApp Web on the browser of the paired device and scanning a QR code from the phone.
- By design, WhatsApp does not have access to the biometric information stored by your device’s operating system. The verification is performed by the operating system of the user’s device (using the biometric identifier stored there), which tells WhatsApp whether the verification is complete. This verification process will only take place if the user has set this feature on their device, which means that they give permission for the processing of their biometric data by the company behind the operating system.
- WhatsApp uses the same standard biometric authentication APIs that other secure applications, such as banking applications, use
- This additional security layer is enabled by default for all users who have enabled biometric authentication on their phones. Since biometric authentication for WhatsApp Web is enabled by default on compatible devices, there is no option to uninstall it unless the user disables biometric authentication on their device.
- The update also provides a visual refresh of the “WhatsApp Web” page in the Android and iOS applications, where users will see an updated design to more easily connect new devices and manage existing devices.
- * Compatible devices are:
- iPhone: All devices using iOS 14 and later with Touch ID or Face ID (iPhone 5s and beyond)
- Android: any device that is compatible with biometric authentication (face lock, fingerprint lock, or iris lock)
