Meta-owned WhatsApp on Friday announced that it has added a web browser extension called “Code Verify” that provides real-time, third-party verification that the code running someone’s WhatsApp Web has not been tampered with.
In doing this, WhatsApp is further strengthening its security for WhatsApp’s non-mobile users and putting even more power in the hands of its users.
No other end-to-end encrypted messaging app provides this level of security for people’s communications on the web. Code Verify is also being open sourced so that other messaging services can enable people to verify that the code they are being served on the web is the same that everyone else is using, – the company said in a statement.
Code Verify is now available as a web browser extension that automatically verifies the authenticity of the WhatsApp Web code being served to your browser and confirms that it has not been tampered with or altered. It works in partnership with Cloudflare to provide independent, third-party, transparent code verification to WhatsApp Web users on Firefox, Edge, and Chrome.
Once users install the Code Verify extension, it will automatically be pinned to Firefox or Edge browsers, and Chrome users will need to pin it for optimal use.
Then when someone uses WhatsApp Web, the Code Verify extension automatically compares the code that the browser is receiving from WhatsApp Web, creates a hash (which is like a fingerprint of the code), and then matches that against the hash or fingerprint of the WhatsApp Web code we shared with Cloudflare.