WhatsApp launched a browser extension called Code Verify on Friday. It allows users to verify if the WhatsApp Web version they’re accessing is authenticated. According to Meta, this Web extension instantly validates the validity of the WhatsApp Web code being delivered to its users. It certifies that their chatting experience is safe and not interfered with. The Code Verify extension was created in collaboration with Cloudflare, a business specializing in web security and infrastructure. It’s accessible as an open-source project, allowing other companies, organizations, and people to use the same interface for their apps. This open-source project hopes to receive contributions from developers worldwide, allowing the extension to improve with time.
The Code Verify extension, which is available for Firefox, Chrome, and Edge, scans for resources throughout the whole webpage to verify the code’s legitimacy when you view WhatsApp Web on desktop or mobile browsers. The extension validates the code and informs users if their Web client is authorized.
The Code Verify extension launches authomatically when you navigate WhatsApp Web on the browser. When pinned to your browser’s toolbar, it displays a checkmark in a green circle to indicate that your WhatsApp Web’s code is authenticated.
If the extension is unable to validate the code supplied to you on the messaging app’s Web client, you will receive one of three messages, depending on the issue:
Possible Risk Detected: The Code Verify extension displays an orange circle with a question mark when it detects any extensions interfering with its capacity to authenticate a page.
Network Timed Out: The Code Verify extension displays an orange circle with a question mark if the network has timed out without the page being validated.
Validation Failure: The Code Verify icon will turn red and show an exclamation mark when your extension identifies that the code running your WhatsApp Web isn’t the same as everyone’s.
When the Code Verify extension symbol in your toolbar is orange, green, or red, you may get additional information about the validation by clicking on it. If there’s a problem, you may click the “Learn More” option to learn more about how to resolve the issue. You may also download its source code to dig more into the problem or have it validated by a third party.
One of the primary motivations for WhatsApp releasing a browser extension to check its authenticity is to safeguard users from unintentionally utilizing malicious and fake editions of the service. In addition, it serves as a real-time notification mechanism for users of WhatsApp Web.
Since it recently permitted users to access the messaging service concurrently on different platforms, it has become critical for WhatsApp to safeguard consumers on its Web version, just as it does on the mobile app. According to the company’s blog, since the launch of the multi-device functionality, the firm has observed a rise in individuals using WhatsApp via their Web browser via WhatsApp Web.
The new extension does not log metadata, data, or user data, and it does not exchange information with WhatsApp, according to WhatsApp’s FAQ website. According to the firm, the plugin does not read or access your communications. Instead, it further claims that neither Meta nor WhatsApp will be able to tell whether someone has installed the plugin.
Unlike mobile apps, which may secure users by only allowing access through authorized app stores (such as Google Play Store and Apple’s App Store) and rolling out frequent updates, Web clients don’t usually have that degree of security. If you visit a questionable URL from your browser, things might go awry. As a result, it is reasonable for WhatsApp to release a native Web extension that validates the code and alerts users if it has been tampered with.
However, code manipulation isn’t the only security weakness that might affect WhatsApp Web users. It is still insecure, and it might allow hackers to access your machine or trick you into clicking on malicious links that lead to phishing attempts.
