To keep WhatsApp Web users secure, Meta this week announced a new browser extension called Code Verify – an open-source tool for verifying the WhatsApp web code served to users.
Code Verify works in association with Cloudflare, to which Meta has shared the actual WhatsApp Web code so that it can compare and check with what’s the user is using. If any discrepancies are found in the integrity of WhatsApp web, Code Verify will notify the user.
Checking the Integrity of WhatsApp Web
WhatsApp’s launch of multi-device support in the latest beta has led many users to try WhatsApp on multiple devices. And the popular device most people use after their phones is their browser. But, since they’re being served WhatsApp on the web, there are chances of being duped due to manipulated javascript code.
Thus, Meta came up with a solution – Code Verify – an open-source browser extension to check the integrity of WhatsApp Web. This is available for Chrome, Edge, and Firefox, and is based on the concept of subresource integrity.
Under this, the Code Verify will analyze the WhatsApp Web code used by the user in his browser and match it with the actual code supplied by Meta for good going. And if any discrepancies in the code are found, Code Verify will let the user know.
This happens in three ways, as below;
- Code Verify will run immediately, and if the WhatsApp Web code is fully validated, the Code Verify icon in the browser will appear green (see below).
- If the Code Verify icon appears orange (see below), it means that you need to refresh your page or another browser extension is interfering with Code Verify. In this instance, Code Verify will recommend that you pause your other browser extensions.
- If the Code Verify icon appears red (see below), it will indicate that there is a possible security issue with the WhatsApp Web code you’re being served.
Code Verify works with the help of Cloudflare, to which Meta has shared the cryptographic hash source of truth for WhatsApp Web’s JavaScript code. Assuring that this extension doesn’t log or share any user data or metadata, Meta said that Code Verify is made open source so that other services can use it as well.
