WhatsApp’s Code Verify extension is available for download on Chrome, Firefox, and Edge.
WhatsApp released a Web browser extension called Code Verify on Friday, which allows users to check whether the WhatsApp Web version they are using on their system is authenticated. According to Meta, the Web extension automatically verifies the authenticity of the WhatsApp Web code being served to users and confirms that their messaging experience is secure and not tampered with. Cloudflare, a Web infrastructure and security company, collaborated on the Code Verify extension. It’s available as an open-source project, allowing other businesses, organisations, and individuals to integrate the same experience into their apps. Open-sourcing will also enable the extension to receive contributions from developers all over the world, allowing it to improve over time.
The Code Verify extension, which is available for download on Chrome, Firefox, and Edge, searches the entire webpage for resources to verify the authenticity of the code when you open WhatsApp Web on your mobile or desktop browser.
“For WhatsApp Web’s JavaScript code, we’ve given Cloudflare a cryptographic hash source of truth.” When someone uses Code Verify, the extension “automatically compares the code that runs on WhatsApp Web against the version of the code verified by WhatsApp and published on Cloudflare,” according to a blog post from the instant messaging app.
When the extension validates the code, it notifies users whether the Web client they are using is authenticated.
When you use WhatsApp Web in your browser, the Code Verify extension is activated automatically. When pinned to your browser’s toolbar, it displays a checkmark in a green circle to indicate that the code of your WhatsApp Web has been fully validated.
If the extension is unable to validate the code that was served to you on the messaging app’s Web client, you will receive one of three different messages, depending on the issue.
- Network Timed Out: If your network timed out and your page could not be validated, your Code Verify extension will display an orange circle with a question mark.
- Possible Risk Detected: If one or more of your extensions is interfering with the Code Verify extension’s ability to verify the page, an orange circle with a question mark will appear.
- Validation Failure: If the extension detects that the code you’re using to run WhatsApp Web differs from the code used by everyone else, the Code Verify icon will turn red and display an exclamation mark.
When the Code Verify extension icon in your toolbar is green, orange, or red, you can view more information about the validation. If there is a problem, you can click the Learn More button to learn more about how to resolve the authentication issue. You can also download the source code if you want to look into the problem further or have it verified by a third party.
One of the main reasons WhatsApp introduced a browser extension to verify its authenticity is to protect users from unknowingly using malicious versions of the messaging service. It serves as a real-time alert system, informing users whether they are using the authenticated WhatsApp Web on their browser.
Since WhatsApp recently enabled users to access the messaging service on multiple devices at the same time, it has become critical for WhatsApp to protect users on its Web version, just as it is attempting to protect users on its mobile app. According to the company’s blog post, since the introduction of the multi-device capability, there has been an increase in people accessing WhatsApp via their Web browser via WhatsApp Web.
According to WhatsApp’s FAQ page, the new extension does not log any data, metadata, or user data and does not share any information with WhatsApp. According to the company, the extension also does not read or access your messages. It also guarantees that neither WhatsApp nor Meta will be able to tell if someone has downloaded the extension.
Unlike mobile apps, where developers can protect users by granting access only through authenticated app stores — such as Apple’s App Store and Google Play — and by releasing regular updates, Web clients typically do not have that level of protection. Things could also go wrong if you install a malicious extension or visit a suspicious website through your browser. As a result, it makes sense for WhatsApp to launch a native Web extension to validate the code and notify users if there is any tampering. However, code tampering is not the only security flaw that could affect WhatsApp Web users. It is still vulnerable and could allow hackers to gain access to your system or trick you into falling for phishing scams.