WhatsApp dominates the secure messaging landscape—no-one has done more to bring end-to-end encryption to the masses, and its 2 billion users are materially safer for its efforts. But new updates from Apple and Google, as well as the planned mainstreaming of veritable upstart Signal have raised the bar. WhatApp is fighting back, of course, with a succession of updates now in beta. But there’s one area where WhatApp really suffers in comparison to the rest. Well, that’s about to get fixed.
As our worlds become ever more mobile, ever more immediate, the reach these platforms have secured is a goldmine—literally billions of us have turned away from traditional cellphone SMS messages to use these so-called “over the tops” instead WhatsApp started its life as a mobile phone app, a replacement for SMS. But this first-mover advantage has held WhatsApp back in one critical way. While other platforms—iMessage, Signal, Telegram, even Facebook’s own Messenger—offer seamless multiple device access, WhatsApp does not.
I first reported that multiple linked devices was under development last month. And now the excellent WABetaInfo has confirmed more code in the latest beta release that appears to confirm the update is on its way and shows how it will work in practice. Four devices linked to a single phone number, to a single account. This may mean using two-factor authentication to enable new devices, and it will mean using WhatsApp on a computer or tablet without just pulling content from your phone.
WhatsApp does not want to compromise its end-to-end encryption, and that’s where it has a challenge. Design decisions will include whether to transfer your message history to a newly linked device, whether to hold a central master repository, and how to run end-to-end encryption where both sides of a chat—or the multiple sides of a group—have more than one device, creating a wide range of endpoints.
The introduction of multiple linked devices is huge for WhatApp—it is genuinely its biggest weakness against its competition. This will allow the platform to play catch-up with the likes of iMessage and Signal, both of which have exceptionally good options to link multiple devices. If reports that Google plans to end-to-end encrypt its RCS messaging platform are true, then there’s another one in the mix.
But, for WhatsApp owner Facebook, this also brings a serious problem. Users of its popular Facebook Messenger app—which is not end-to-end encrypted by default—should now switch to WhatsApp. Multi-platform access was its main advantage over WhatsApp—that will now be gone. There is also talk of interoperability between Facebook’s platforms—meaning WhatApp users can message Messenger accounts. In time, Facebook has confirmed again this week its plans to add end-to-end encryption to messenger, but that’s not due anytime soon.
This is one of the two critical functionality updates WhatsApp is adding—the other is to extend end-to-end encryption to cloud backups. Currently these can be accessed by the cloud provider—largely Apple or Google. A WhatsApp update is also in the works to fix this issue, introducing the separation of a secure message history from the primary phone, and this may help support secure multiple device access.
The security of messing platforms, the lack of access to content by law enforcement and security agencies has created a major rift between lawmakers and the U.S. tech giants behind the platforms. And that is why the latest update teased out of a new WhatsApp beta release is so important—it’s another statement by Facebook that it intends to expand the use of encryption, widening its appeal, and consolidating the market lead that WhatsApp now enjoys and doesn’t want to let go.
As I’ve said before, despite other platforms being more secure, no-one has done more to popularize secure messaging than WhatsApp. The team is to be commended for that, and I would happily advocate anyone using the platform as their go-to messenger. One word of advice though—set-up a secure PIN inside the app, because phones do get hacked, and WhatApp can’t protect you if you don’t protect your devices. And if you are concerned about your content, disable cloud backups until they’re end-to-end encrypted by default.