{"id":331,"date":"2021-08-31T14:39:51","date_gmt":"2021-08-31T14:39:51","guid":{"rendered":"https:\/\/fde.cat\/?p=331"},"modified":"2021-08-31T14:39:51","modified_gmt":"2021-08-31T14:39:51","slug":"how-whatsapp-enables-multi-device-capability","status":"publish","type":"post","link":"https:\/\/fde.cat\/index.php\/2021\/08\/31\/how-whatsapp-enables-multi-device-capability\/","title":{"rendered":"How WhatsApp enables multi-device capability"},"content":{"rendered":"<p><span>For years, people have been asking us to create a true multi-device experience that allows people to use WhatsApp on other devices without requiring a smartphone connection.<\/span><\/p>\n<p><span>Today, we\u2019re announcing the rollout of a limited public beta test for WhatsApp\u2019s updated multi-device capability.\u00a0<\/span><\/p>\n<p><span>With this new capability, you can now use WhatsApp on your phone and up to four other nonphone devices simultaneously \u2014 even if your phone battery is dead. Each companion device will connect to your WhatsApp independently while maintaining the same level of privacy and security through end-to-end encryption that people who use WhatsApp have come to expect. 
Importantly, we have developed new technologies to maintain end-to-end encryption while still managing to sync your data \u2014 such as contact names, chat archives, starred messages, and more \u2014 across devices.<\/span><\/p>\n<p><span>To achieve this, we had to rethink WhatsApp\u2019s architecture and design new systems to enable a standalone multi-device experience while preserving <a href=\"https:\/\/engineering.fb.com\/2021\/04\/16\/security\/dit\/\">privacy and end-to-end encryption<\/a>.\u00a0<\/span><\/p>\n<h2><span>Taking smartphones out of the equation<\/span><\/h2>\n<p><span>The current WhatsApp experience for companion devices on web, macOS, Windows, and Portal uses a smartphone app as the primary device, making the phone the source of truth for all user data and the only device capable of encrypting or decrypting messages, initiating calls, etc. Companion devices maintain a persistent secure connection with the phone and simply mirror its contents on their own UI.\u00a0<\/span><\/p>\n<p><span>This architecture makes it easy to deliver a seamlessly synchronized experience between a phone and companion device without compromising on security. However, it comes with some significant reliability trade-offs: By requiring the phone to perform all operations, companion devices are slower and frequently get disconnected \u2014 especially when the phone has a poor connection, its battery is running low, or the application process gets killed by the phone\u2019s OS. 
It also allows for only a single companion device to be operative at a time, meaning people can\u2019t be on a call in Portal while checking their messages on their PC, for example.\u00a0<\/span><\/p>\n<p><span>The new WhatsApp multi-device architecture removes these hurdles, no longer requiring a smartphone to be the source of truth while still keeping user data seamlessly and securely synchronized and private.<\/span><\/p>\n<p><span>The challenge in accomplishing this was in maintaining the secure user experience across devices without having to store people\u2019s private messages on our servers in new ways.<\/span><\/p>\n<h2><span>Meeting the security challenges of multiple devices<\/span><\/h2>\n<p><span>Prior to our introducing multi-device, everyone on WhatsApp was identified by a single identity key from which all encrypted communication keys were derived. With multi-device, each device now has its own identity key.<\/span><\/p>\n<p><span>The WhatsApp server maintains a mapping between each person\u2019s account and all their device identities. When someone wants to send a message, they get their device list keys from the server.\u00a0\u00a0<\/span><\/p>\n<p><span>We have also addressed the challenge of preventing a malicious or compromised server from eavesdropping on someone\u2019s communications by surreptitiously adding devices to someone\u2019s account. We use a combination of technologies to solve this: First, we have extended security codes to now represent the combination of all of someone\u2019s device identities so that anyone and their contact can always verify all the devices they are sending messages to.\u00a0<\/span><\/p>\n<p><span>Second, in order to reduce the number of times that someone needs to perform identity verifications, we have developed and will roll out a technology called Automatic Device Verification. 
This system allows for devices to automatically establish trust between each other in a way that someone needs to compare another user\u2019s security code only if that user reregisters their entire account, rather than each time they link a new device to their account.\u00a0<\/span><\/p>\n<p><span>Finally, we also give people additional control and protections over which devices are linked to their account. First, everyone will continue to be required to link new companion devices by scanning a QR code from their phone. This process now requires biometric authentication before linking where people have enabled this feature on compatible devices. Finally, people will be able to see all the companion devices linked to their account as well as when they were last used, and will be able to log out of them remotely if needed.\u00a0<\/span><\/p>\n<h2><span>Maintaining message privacy<\/span><\/h2>\n<p><span>When people message each other in a one-on-one chat, a pairwise encrypted session is established between each of the sender\u2019s and recipient\u2019s devices. WhatsApp multi-device uses a client-fanout approach<\/span><span>,<\/span> <span>where the WhatsApp client sending the message encrypts and transmits it N times to N different devices <\/span><span>\u2014 those in the sender\u2019s and receiver\u2019s device lists<\/span><span>. Each message is individually encrypted using the established pairwise encryption session with each device. M<\/span><span>essages are not stored on the server after they are delivered. For groups, we still use the same scalable Sender Key encryption scheme from the Signal Protocol.<\/span><\/p>\n<p>WhatsApp\u2019s legacy architecture used a smartphone as the source of truth. 
But with the new multi-device capability, up to four other nonphone companion devices can connect to WhatsApp independently while still maintaining the same level of privacy and security.<\/p>\n<h2><span>Adapting voice and video protocols for multi-device, end-to-end encryption\u00a0\u00a0<\/span><\/h2>\n<p><span>When someone on WhatsApp makes a voice or video call:<\/span><span><br \/>\n<\/span><\/p>\n<p><span>The initiator generates a set of random 32-byte <\/span><span>SRTP<\/span><span> master secrets for each of the recipient\u2019s devices.<\/span><span><br \/>\n<\/span><br \/>\n<span>The initiator sends an incoming call message (using the client-fanout approach described above) to each of the devices of the recipient. Each of the recipient\u2019s devices receives this message, which contains the encrypted <\/span><span>SRTP<\/span><span> master secret.<\/span><br \/>\nIf the responder answers the call from one of the devices, an <span>SRTP<\/span><span>-encrypted call is started, protected by the <\/span><span>SRTP<\/span><span> master secret generated for that device.<\/span><\/p>\n<p><span>The <\/span><span>SRTP<\/span><span> master secret persists in memory on the client device and is used only during the call. Our servers do not have access to the <\/span><span>SRTP<\/span><span> master secrets.<\/span><\/p>\n<p><span>For group calls, the server randomly selects a participant device that is in the call (either the initiator or a device on which a user has accepted the call) to generate the <\/span><span>SRTP<\/span><span> master secret. That device generates the secret and sends it to other active participant devices through pairwise end-to-end encryption. 
This process is repeated, and the keys are reset whenever someone joins or leaves the call.<\/span><\/p>\n<h2><span>Keeping message history and other application states in sync across devices<\/span><\/h2>\n<p><span>We want to ensure that people have a consistent experience with WhatsApp no matter the device they are using. To achieve this, we synchronize message history as well as other application state data (such as contact names, whether a chat is archived, or if a message is starred) across devices. All of this data is synchronized and end-to-end encrypted between your devices.<\/span><\/p>\n<p><span>For message history: When a companion device is linked, the primary device encrypts a bundle of the messages from recent chats and transfers them to the newly linked device. The key to this encrypted message history blob is delivered to the newly linked device via an end-to-end encrypted message. After the companion device downloads, decrypts, unpacks, and stores the messages securely, the keys are deleted. From that point forward, the companion device accesses the message history from its own local database.<\/span><\/p>\n<p><span>Other application data requires more than an initial transfer from the phone. We also need an ongoing synchronization every time someone modifies their application state (e.g., when they add a new contact, mute a chat, or star a message).<\/span><\/p>\n<p><span>To solve this, the WhatsApp server securely stores a copy of each application state that all of someone\u2019s devices can access. To properly secure this, all the information, and even the metadata about the information (what kind of user data is stored or accessed), is end-to-end encrypted with constantly changing keys known only to that person\u2019s devices.\u00a0<\/span><\/p>\n<h2><span>How to try WhatsApp multi-device beta\u00a0<\/span><\/h2>\n<p><span>We plan to initially test the experience with a small group of users from our existing beta program. 
We will continue optimizing performance and adding a few additional features before slowly rolling it out more broadly. Those who opt in can always opt back out.<\/span><\/p>\n<p><span>For more information about the beta and to sign up, visit the <a href=\"https:\/\/faq.whatsapp.com\/general\/download-and-installation\/about-multi-device-beta\">WhatsApp Help Center<\/a>.<\/span><\/p>\n<p><span>For more information about WhatsApp multi-device, read our updated <a href=\"https:\/\/www.whatsapp.com\/security\/WhatsApp_Security_Whitepaper_v4_Preview.pdf\">whitepaper<\/a>.<\/span><\/p>\n<p>The post <a href=\"https:\/\/engineering.fb.com\/2021\/07\/14\/security\/whatsapp-multi-device\/\">How WhatsApp enables multi-device capability<\/a> appeared first on <a href=\"https:\/\/engineering.fb.com\/\">Facebook Engineering<\/a>.<\/p>\n<p><a href=\"https:\/\/engineering.fb.com\/2021\/07\/14\/security\/whatsapp-multi-device\/\">Read More<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>For years, people have been asking us to create a true multi-device experience that allows people to use WhatsApp on other devices without requiring a smartphone connection. 
Today, we\u2019re announcing the rollout of a limited public beta test for WhatsApp\u2019s updated multi-device capability.\u00a0 With this new capability, you can now use WhatsApp on your phone&hellip; <a class=\"more-link\" href=\"https:\/\/fde.cat\/index.php\/2021\/08\/31\/how-whatsapp-enables-multi-device-capability\/\">Continue reading <span class=\"screen-reader-text\">How WhatsApp enables multi-device capability<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","footnotes":""},"categories":[7],"tags":[],"class_list":["post-331","post","type-post","status-publish","format-standard","hentry","category-technology","entry"],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":800,"url":"https:\/\/fde.cat\/index.php\/2023\/12\/07\/building-end-to-end-security-for-messenger\/","url_meta":{"origin":331,"position":0},"title":"Building end-to-end security for Messenger","date":"December 7, 2023","format":false,"excerpt":"We are beginning to upgrade people\u2019s personal conversations on Messenger to use end-to-end encryption (E2EE) by default Meta is publishing two technical white papers on end-to-end encryption: Our Messenger end-to-end encryption whitepaper describes the core cryptographic protocol for transmitting messages between clients. The Labyrinth encrypted storage protocol whitepaper explains our\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":702,"url":"https:\/\/fde.cat\/index.php\/2023\/04\/13\/how-device-verification-protects-your-whatsapp-account\/","url_meta":{"origin":331,"position":1},"title":"How Device Verification protects your WhatsApp account","date":"April 13, 2023","format":false,"excerpt":"WhatsApp has launched a new security feature that further helps prevent attackers from using vectors like on-device malware. 
This security feature, called Device Verification, requires no action or additional steps from users and helps protect your account. This feature is part of our broader work to increase security for our\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":462,"url":"https:\/\/fde.cat\/index.php\/2021\/09\/20\/how-whatsapp-is-enabling-end-to-end-encrypted-backups\/","url_meta":{"origin":331,"position":2},"title":"How WhatsApp is enabling end-to-end encrypted backups","date":"September 20, 2021","format":false,"excerpt":"For years, in order to safeguard the privacy of people\u2019s messages, WhatsApp has provided end-to-end encryption by default \u200b\u200bso messages can be seen only by the sender and recipient, and no one in between. Now, we\u2019re planning to give people the option to protect their WhatsApp backups using end-to-end encryption\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":784,"url":"https:\/\/fde.cat\/index.php\/2023\/11\/08\/enhancing-the-security-of-whatsapp-calls\/","url_meta":{"origin":331,"position":3},"title":"Enhancing the security of WhatsApp calls","date":"November 8, 2023","format":false,"excerpt":"New optional features in WhatsApp have helped make calling on WhatsApp more secure. \u201cSilence Unknown Callers\u201d is a new setting on WhatsApp that not only quiets annoying calls but also blocks sophisticated cyber attacks. 
\u201cProtect IP Address in Calls\u201d is a new setting on WhatsApp that helps hide your location\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":551,"url":"https:\/\/fde.cat\/index.php\/2022\/03\/10\/code-verify-an-open-source-browser-extension-for-verifying-code-authenticity-on-the-web\/","url_meta":{"origin":331,"position":4},"title":"Code Verify: An open source browser extension for verifying code authenticity on the web","date":"March 10, 2022","format":false,"excerpt":"Since WhatsApp introduced multi-device capability last year, we\u2019ve seen an increase in people accessing WhatsApp directly through their web browser via WhatsApp Web. With this shift in mind, we\u2019ve been looking at ways to add additional layers of security to the WhatsApp Web experience. Starting today, you can now use\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":701,"url":"https:\/\/fde.cat\/index.php\/2023\/04\/13\/deploying-key-transparency-at-whatsapp\/","url_meta":{"origin":331,"position":5},"title":"Deploying key transparency at WhatsApp","date":"April 13, 2023","format":false,"excerpt":"WhatsApp has launched a new cryptographic security feature to automatically verify a secured connection based on key transparency.\u00a0 The feature requires no additional actions or steps from users and helps ensure that a conversation is secure.\u00a0 Key transparency solutions help strengthen the guarantee that end-to-end encryption provides to private, personal\u2026","rel":"","context":"In 
&quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/posts\/331","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/comments?post=331"}],"version-history":[{"count":1,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/posts\/331\/revisions"}],"predecessor-version":[{"id":379,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/posts\/331\/revisions\/379"}],"wp:attachment":[{"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/media?parent=331"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/categories?post=331"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/tags?post=331"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}