Meta-owned messaging platform WhatsApp has added a layer of security through a web browser extension called Code Verify that provides real-time, third-party verification that the code running someone’s WhatsApp Web has not been tampered with.
Code Verify has been made available as a web browser extension that automatically verifies the authenticity of the WhatsApp Web code being served to a user’s browser and confirms that it hasn’t been tampered with or altered.
“There are many factors that could weaken the security of a web browser that don’t exist in the mobile app space, such as browser extensions. As WhatsApp Web usage grows, we want to strengthen our security protections as well,” the company said.
Through this move, WhatsApp said that it is further strengthening its security for non-mobile users. Code Verify is also being open sourced so that other messaging services can enable people to verify that the code they are being served on the web is the same that everyone else is using.
“A good way to think about Code Verify is a traffic light for the security of your (user’s) WhatsApp Web. If the code matches and is validated, the Code Verify icon on your browser will turn green,” the company said.
For Code Verify, the messaging platform has struck a partnership with cybersecurity firm Cloudflare to provide independent, third-party, transparent code verification to WhatsApp Web users on FireFox, Edge and Chrome web browsers.
Explaining the user interface for the feature, a company blog said: “Once you install the Code Verify extension, it will automatically be pinned to Firefox or Edge browsers, and Chrome users will need to pin it for optimal use.”
“Then when someone uses WhatsApp Web, the Code Verify extension automatically compares the code that the browser is receiving from WhatsApp Web, creates a hash (which is like a fingerprint of the code) and then matches that against the hash or fingerprint of the WhatsApp Web code we shared with CloudFlare,” it added.