WhatsApp — one of the most used chat apps across the world — is now testing the most sought-out feature on its app: multi-device support.
Currently, you can use the app on only one device, and that’s mostly your phone. You can use the web clientor the desktop app to chat with your friends and family, but your phone has to be connected to the internet.
Last month, the company confirmed that it’s working on a feature that will let you link four devices to one account. Meaning, you can use each device independently, as long as you’re connected to the internet.
Last night, WhatsApp said that it’s rolling out this feature to a limited number of users. Plus, it detailed how it plans to implement this feature while preserving your privacy.
What’s the challenge for secure multi-device communication?
Having multiple devices connected to an account for a chat app is not new. Telegram, for instance, uses its cloud to let you use the app on multiple devices independently. However, these messages are not protected by end-to-end encryption — a marquee feature for WhatsApp.
Currently, WhatsApp uses your phone to generate keys for end-to-end encryption. Your desktop clients are just mirrors for that. For multi-device communication, that method is not effective. So WhatsApp needs to store secure combinations of identities of all your linked devices.
Plus, the company says it has developed a technology called Automatic Device Verification to verify your linked devices automatically when sending messages. Till now, if you had to link a device — mostly your desktop client — to your phone’s WhatsApp account, you had to scan a QR code. But for the multi-device function, you’ll also need to provide biometric authentication.
How WhatsApp plans to facilitate secure communication with the multi-device features?
When there is only one source device, it’s easy to generate an encryption channel, and have the desktop client rely on the source’s channel. However, when you have multiple devices linked to an account, this architecture needs to change. When this feature rolls out, WhatsApp will establish multiple secure channels of two types: from your source to other devices and from your source to the sender’s device.
When you’ll send a message to a friend, WhatsApp will first send it to a server. That server will send the message to all your devices for syncing, and to your friend through multiple end-to-end encrypted secure channels. The company says that the server doesn’t store any of your messages.
For securing calls, the app plans to use a protocol called Secure Real-time Transport Protocol (SRTP). Through this, when you initiate a call, all of your friend’s linked devices receive 32-bit SRTP master secret keys. When your friend receives a call from one of these devices, a secure connection is established through the SRTP master key generated for that device.
The company said that the new technology also helps you maintain message history across devices that are protected by end-to-end encryption. It hasn’t provided any timeline as to when it plans to roll this feature out to the masses, but we’ll keep an eye on it.
You can read more about how WhatsApp plans to use encryption across devices in this whitepaper.