WhatsApp said that a new update to its web and desktop apps now will require users to unlock access to their accounts using biometric security systems already set up on their phones. This means that anyone with TouchID, FaceID, or any Android alternatives will need to use them when connecting with WhatsApp’s other apps. “Biometric scans, including fingerprints, are often superior to passwords for authentication. No one else has your fingerprints and they don’t require the user to memorize anything,” Paul Bischoff, a privacy advocate at Comparitech, told Lifewire via email. “WhatsApp’s new feature is specifically required for syncing conversations to the desktop or web versions of WhatsApp,” he added. “Prior to this update, the user had to scan a QR code in order to sync messages, but that left messages vulnerable to anyone with physical access to the user’s phone.”
Holes In the Walls
One of the most appealing things about applications like WhatsApp always has been the promise of security. By offering messaging that is “encrypted from end to end,” WhatsApp has gained the trust of many as a secure place to contact friends, family, and business partners. When the company introduced support for its desktop app in 2015, it added more convenience, but also brought a security flaw into play. To sync up conversations between the mobile and desktop apps, users would have to scan a QR code. This made it possible for anyone that had access to your phone to scan the code on any computer, giving them access to your messages. Now, as many of us have found ourselves at home, having access to our WhatsApp messages and contacts on our desktops has been a handy addition to the service. Unfortunately, more use on the desktop has only made that flaw more apparent. “I’ve always worried about the security of the desktop app for several reasons,” Steve Tcherchian, chief information security officer and chief product officer at XYPRO, shared via email. “It’s simply an icon on my desktop. If someone had physical access to my computer or my computer was compromised by a remote attacker, they could simply launch the app and read my ’encrypted’ messages.” Tcherchian also noted the application’s previous authorization method, which only required users to scan a QR code in the browser or desktop app to which they wanted to sync their messages. According to Tcherchian, this lack of security always was a big concern, because someone could gain access to his private messages without him even knowing it.
Is Big Tech Watching?
By adding support for your phone’s biometric security authentication, the system that allows syncing between the mobile app and WhatsApp’s desktop or web apps has become more secure. But at what cost? Since Facebook’s purchase of WhatsApp in 2014, many have had concerns about how much access Facebook has to their data. In its privacy policy, WhatsApp breaks down how it handles all of its users’ data, explaining how some content is shared with Facebook to help fight spam, control ads, etc. Ultimately, though, your messages are yours, and even WhatsApp can’t read them. Unfortunately, that isn’t good enough for some, and many already are sharing concerns about WhatsApp using your biometric data. “Does this then mean that WhatsApp, and its parent companies, have access to, and storage of, peoples biometric identity?” A user wrote on Twitter. WhatsApp has assured users that it doesn’t have access to their biometric data, nor does Facebook. Biometric data isn’t even stored in the app. Instead, WhatsApp uses the built-in biometric API that phones come with. With that in mind, users should be able to use the biometric system without worrying about Big Tech. If you use WhatsApp between your phone and your computer, having the extra layer of security that biometric authentication brings is a necessity in the increasingly dangerous online world we live in.
