The ubiquitous end-to-end encrypted messaging service WhatsApp melds security and convenience for 2 billion people around the world. But there's always been a big limitation: The service relies entirely on your smartphone. You can use your account on desktops or through the web, but you're really just interacting with a mirror of what's on your phone. If its battery dies, or you want to use two secondary devices at once, you're out of luck. But WhatsApp says it has finally, finally figured out a solution.
Today WhatsApp is launching a limited beta to start real-world testing on a multi-device scheme. With the new feature, you'll be able to use WhatsApp on your phone and up to four other devices all at once. The only caveat is that those other four need to be “non-phone” devices. Your smartphone will still be the first device where you set up WhatsApp; you'll add the other devices by scanning QR codes from your phone.
Using WhatsApp across devices wouldn't be any trouble if your data lived on WhatsApp's servers. But the company's end-to-end encryption scheme keeps it from ever seeing the contents of your messages, and they're not stored by WhatsApp at all after delivery. This is why mirroring your phone to your desktop, as WhatsApp and many other secure messaging apps have historically done, is an appealing option. All the security protections extend from your phone, and there's nothing actually happening independently on the other device. It takes complicated cryptographic wrangling to actually anoint other devices and keep everything in sync.
“As we enter the multi-device era, guaranteeing that the security of WhatsApp remains bulletproof is the team’s largest concern,” says Scott Ryder, director of WhatsApp consumer engineering. “Really, it’s the core of why the project took over two years to complete. When both internal and external security reviews agreed we’d achieved that goal—that was an exciting moment.”
The foundational idea of end-to-end encrypted communication is that data is unreadable at all times except to the sender and receiver. That means, for example, that a message is only decrypted and accessible on the phone you sent it from and the phone of the person you sent it to. Group messaging or calling makes this a little more complicated, but as long as everyone is using the same device all the time, it's doable.
You can see how it gets more complicated, though, for a service to keep track of who's who if everyone suddenly has three devices and wants real-time syncing between them. Without full end-to-end encryption, a central server can take little peeks at the data to figure out what needs to go where. But when you're really trying to keep things locked down, you need a special system to make it work.
As Facebook CEO Mark Zuckerberg put it to WABetaInfo at the beginning of June, “It's been a big technical challenge to get all your messages and content to sync properly across devices."
Making it all work involves two main components. One is that, instead of having a single identity key for each user—in other words, the smartphone associated with the account—each device you use for WhatsApp now has its own identity key. WhatsApp's server keeps a sort of family tree of all the device identities on a person's account; when someone goes to send a message to that account, the server provides the whole list of keys so that message goes to all the right devices.
WhatsApp says it has carefully added checks on this system to make sure a bad actor can't add extra devices to your account and receive your messages. Users can check the list of devices linked to their account to ensure there aren’t lurkers, and they can also do a “security code” comparison with someone they’re communicating with to ensure the two codes match. If something has gone awry and one user has an extra, unverified device registered to their account, the codes won’t match.
The second component necessary for all of this to work relates to the security of your actual messages and app settings. When you set up a new WhatsApp device, the system will deliver your entire message history from your smartphone to the new computer in one bulk delivery. This initial archive transfer allows you to securely move everything into place. You obviously still need real-time syncing after that, though, so if you mute a chat or add a new contact, it shows up everywhere. To deal with this, WhatsApp stores an encrypted version of this information on its server. WhatsApp can never access the information, only your devices have the keys to read it, but it essentially provides a water cooler where your different devices can meet and swap updates.
The benefits of having full-fledged WhatsApp on multiple devices are obvious. It makes the service easier and more fun to use, and it mitigates the catastrophe if you lose your phone and want to keep using WhatsApp in the interim. But features like this have a lot of moving parts, and that creates opportunities for mistakes and potential vulnerability.
“We’ve reviewed and received feedback on all of our technical designs from both in-house and external security researchers,” Alfonso Gómez-Jordana, a WhatsApp product manager, told WIRED. “And we've reviewed our implementation with internal security teams as well.”
All of this outside vetting and input is important to checking the WhatsApp team's work. The company has also updated its WhatsApp white paper to go into greater detail on the technical and cryptographic concepts underlying this multi-device scheme. The feature will roll out slowly to users for the next few months. The next test will be whether real-world attackers find any weaknesses on their own.