Everywhere extreme encrypted messaging service WhatsApp melds security and comfort for 2,000 billion people around the world. But there has always been a big limitation: the service is based entirely on your phone. You can use your account on desktops or via the web, but you’re actually interacting with the mirror of what you have on your phone. If its battery dies or you want to use two secondary devices at the same time, you won’t be lucky. But WhatsApp says it has finally come up with a solution.
Today is WhatsApp launches limited beta to start real-world testing in a multi-device scheme. With the new feature you can use WhatsApp on your phone and four other devices at the same time. The only note is that these other four must be “non-existent” devices. Your phone will be the first device you set up for WhatsApp; you can add other devices by scanning the QR codes on your phone.
Using WhatsApp between devices would not be a problem if your data lives on WhatsApp servers. But the company’s extreme encryption scheme prevents you from ever seeing the content of your messages, and WhatsApp doesn’t save them at all after delivery. That’s why mirroring your phone to your desktop, as WhatsApp and many other secure messaging apps have historically done, is an attractive option. All security protections extend from your phone and nothing happens independently on the other device. An intricate cryptographic battle is required to fatten other devices and keep everything in sync.
“When we’re entering a multi-device era, ensuring the safety of WhatsApp is bulletproof protection is the team’s biggest concern,” says Scott Ryder, WhatsApp’s director of WhatsApp consumer engineering. “It’s really the reason the project took more than two years. When we agreed on both internal and external security studies, we achieved that goal, which was an exciting moment. “
The basic idea of end-to-end encrypted communication is that data cannot always be read except to the sender and receiver. This means, for example, that a message is decrypted and available on the phone you sent and the phone of the person you sent it to. Making group messages or calls makes it a little difficult, but as long as everyone uses the same device all the time, it’s doable.
You can see how complicated it is to control who a service is if everyone has three devices at once and wants to synchronize between them in real time. Without full extreme encryption, a central server can take a small look at the data to see where to go. But when you try to keep things locked you need a special system to operate.
Like Facebook CEO Mark Zuckerberg put ra WABetaInfo in early June, “it has been a major technical challenge to properly sync all messages and content across all devices.”
Everything works has two main components. One is that instead of having a unique identity key for each user — that is, the phone associated with the account — each device you use for WhatsApp now has its own identity key. The WhatsApp server stores a sort of tree in the family of all the identities of the device in a person’s account; when someone goes to this account to send a message, the server provides a complete list of keys to access that message on all the appropriate devices.
WhatsApp says it has carefully added checks on this system to make sure that a bad actor can’t add additional devices to your account and can’t receive your messages. Users can consult the list of devices associated with their account to ensure that there is no ground, and can also make a “security code” with someone who is communicating to ensure that the two codes match. If something goes wrong and a user has an additional device that is not registered in their account, the codes do not match.