WhatsApp’s dev team unveiled a new browser extension not long after simultaneously supporting multiple devices in its beta edition. A new add-on, called Code Verify, checks that WhatsApp’s web version is safe enough and that its end-to-end encryption hasn’t been breached to endanger the privacy of users.
WhatsApp claims it has seen an increase in the amount of online logins since it added multi-device capability. In addition, the web app is more vulnerable to assaults by design. In other words, Code Verify is as secure as a native Windows, iOS, or Android software.
It’s a basic browser addon. It just does a hash code comparison with the one uploaded to a reputable Cloudflare server. If everything is OK, the extension will give you the go-ahead to continue conversing.
WhatsApp’s dev team unveiled a new browser extension not long after simultaneously supporting multiple devices in its beta edition. A new add-on, called Code Verify, checks that WhatsApp’s web version is safe enough and that its end-to-end encryption hasn’t been breached to endanger the privacy of users.
WhatsApp has seen an increase in the number of WhatsApp online logins since introducing multi-device capability. The web app, on the other hand, is more vulnerable to assault since it is hosted on the internet. In other words, Code Verify is as secure as a native Windows, iOS, or Android application.
In terms of functionality, the browser add-on is quite basic. It just does a hash code comparison with the one uploaded to a reputable Cloudflare server. You’ll get the all-clear to continue conversing when the extension confirms that everything is well.
Describe the process of Code Verify
Subresource integrity is a security feature that allows web browsers to check that the resources they retrieve have not been tampered with. Code Verify improves on this notion. In contrast to subresource integrity, Code Verify verifies all resources on a page. Using Cloudflare as a trusted third-party, Code Verify can do this at scale and increase the level of confidence in the process.
Cloudflare now has a cryptographic hash of WhatsApp Web’s JavaScript code as a source of truth. Using Code Verify, a user may have their WhatsApp Web code compared to the version of the code that has been confirmed by WhatsApp and published on Cloudflare. Code Verify will alert the user if it finds any discrepancies.
Code Verify uses Cloudflare’s third-party verification to automatically discover files that have been tampered with. This is the first time this has been done at this scale. Cloudflare, WhatsApp, and the Code Verify extension all work together to provide real-time code verification on WhatsApp. The cryptographic hash source of truth and extension will automatically be updated whenever WhatsApp Web’s code is changed.
Verify your WhatsApp account by entering the verification code.
In a blog post, Cloudflare explains how this method works in further detail, including their function as a trusted third-party.
The Code Verify procedure
Google Chrome, Microsoft Edge and Mozilla Firefox users will soon be able to download Meta Open Source’s Code Verify browser plugin. Data, metadata, and personal information provided by users are not stored or shared by the extension with WhatsApp. Your sent and received mails are likewise unaffected. If you use the Code Verify plugin, WhatsApp and Meta will have no idea. Additionally, Cloudflare does not receive any communications or conversations sent between users using the Code Verify plugin.
A real-time alarm system for the code you’re being fed on WhatsApp Web is provided by Code Verify, which is automatically installed. You may examine the results of the extension’s search by pinning it to the toolbar of your web browser. A traffic signal for your WhatsApp Web code, you might say.
- As soon as WhatsApp Web’s code has been confirmed, the Code Verify symbol will become green in the browser (see below).
- Check your page or another addon may be interfering with Code Verify if the orange Code Verify symbol appears (see image below). Your other browser extensions will be paused by Code Verify if this is the case.
- If the Code Verify symbol (shown below) is red, it indicates that the WhatsApp Web code you’re being sent has a potential security risk.
- Verify your WhatsApp account by entering the verification code.
- For more information on how to use Code Verify and what to do if validation fails, see this page.
To allow others to benefit from it as well.
Code Verify may be found on GitHub website’s There are many advantages to making the Code Verify addon open source. You can see how other firms, organisations and people may use this degree of openness to their own apps and discuss fresh ideas with one another in order to enhance this feature. Second, it gives the public control over the level of openness in government. People can observe for themselves that the extension hasn’t been tampered with since it exists outside of WhatsApp and its infrastructure. Third, the extension’s discoverability provides a kind of protection. Because it’s in the public light, the open source community can help keep it safe.
With Code Verify, we feel that we are breaking new ground in terms of third-party code verification, especially at this size. To make third-party validated web code the new standard, we hope more services utilise the open source version of Code Verify. And we think that this will enable individuals all across the globe get better security safeguards and propel the industry forward as a whole.
Download the Code Verify extension for: