How WhatsApp permits multi-device functionality

For years, people have been asking us to create a true multi-device experience that will allow people to use WhatsApp on other devices without the need for a smartphone connection.

Today we announce the launch of a limited public beta test for the updated multi-device capability of WhatsApp.

With this new feature, you can now use WhatsApp on your phone and up to four other non-phone devices at the same time – even if your phone’s battery is dead. Each companion device connects independently to your WhatsApp while maintaining the same level of privacy and security through end-to-end encryption that people who use WhatsApp expect. Importantly, we’ve developed new technologies to maintain end-to-end encryption while synchronizing your data – such as contact names, chat archives, flagged messages and more – across devices.

To achieve this, we had to rethink WhatsApp’s architecture and develop new systems to enable a self-contained, multi-device experience while maintaining privacy and end-to-end encryption.

Taking smartphones out of the equation

The current WhatsApp experience for companion devices on the web, macOS, Windows and Portal uses a smartphone app as the primary device, making the phone the source of truth for all user data and the only device that can encrypt or decrypt messages, initiate calls, etc. Companion devices maintain a permanently secure connection with the phone and simply mirror its contents on their own user interface.

This architecture makes it easy to deliver a seamlessly synchronized experience between a phone and companion device without compromising security. However, it comes with some significant reliability tradeoffs: Because the phone has to do everything, companion devices are slower and often disconnected – especially when the phone has a poor connection, the battery is low, or the application process aborts from the operating system of the Phone killed. It also enables only a single companion device to be operational at the same time, which means that people cannot, for example, make phone calls in Portal while checking their messages on their PC.

The new WhatsApp multi-device architecture removes these hurdles and no longer requires a smartphone as a source of truth, while still keeping user data seamlessly and securely synchronized and private.

The challenge was to maintain the safe user experience on all devices without having to store people’s private messages on our servers in new ways.

Overcome the security challenges of multiple devices

Before the advent of Multi-Device, everyone on WhatsApp was identified by a single identity key, from which all encrypted communication keys were derived. With Multi-Device, each device now has its own identity key.

The WhatsApp server maintains an association between each person’s account and all of their device identities. When someone wants to send a message, they get their device list keys from the server.

We also faced the challenge of preventing a malicious or compromised server from eavesdropping on someone’s communications by secretly adding devices to an account. We’re using a combination of technologies to solve this: First, we’ve expanded security codes to now represent the combination of all of a person’s device identities, so everyone and their contact can always check all the devices they send messages to.

Second, we have developed and will introduce a technology called Automatic Device Verification to reduce the number of identity checks. This system enables devices to automatically trust each other so that someone only needs to compare another user’s security code when that user re-registers their entire account and not every time they link a new device to their account.

Finally, we’re also giving people extra control and protection over which devices are linked to their account. First, everyone will still need to link new companion devices by scanning a QR code from their phone. This process now requires biometric authentication prior to linking where people have enabled this feature on compatible devices. Finally, users can see all of the companion devices associated with their account, as well as their last use, and log out remotely if necessary.

Maintaining news secrecy

When people send each other messages in a one-to-one chat, a paired encrypted session is established between the sender’s and recipient’s devices. Multi-device WhatsApp uses a client fanout approach, where the WhatsApp client sending the message encrypts it N times and transmits it to N different devices – those in the device lists of the sender and receiver. Each message is individually encrypted with the paired encryption session established with each device. M.Messages are not stored on the server after delivery. For groups we still use the same scalable encryption scheme of the Sender Key from the Signal Protocol.

WhatsApp multi-device graphicsWhatsApp’s legacy architecture uses a smartphone as a source of truth. But with the new multi-device capability, up to four other companion devices can independently connect to WhatsApp without a phone, while maintaining the same level of data protection and security.

Adaptation of voice and video protocols for end-to-end encryption across devices

When someone makes a voice or video call on WhatsApp:

  1. The initiator generates a random set of 32 bytes SRTP Master secrets for each device of the recipient.
  2. The initiator sends an incoming call message (using the client fanout approach described above) to each of the recipient’s devices. Each recipient’s device receives this message, which is the encrypted SRTP Master secret.
  3. When the responder answers the call from one of the devices, a SRTP encrypted call is started, protected by the SRTP Master secret generated for this device.

The SRTP The master secret remains in the client device’s memory and is only used during the call. Our servers do not have access to the SRTP Master secrets.

For group calls, the server randomly selects a participant device that is in the call (either the initiator or a device on which a user answered the call) to receive the SRTP Master secret. This device generates the secret and sends it to other active subscriber devices using paired end-to-end encryption. This process repeats and the buttons reset when someone joins or leaves the call.

Keep message history and other application states synchronized across devices

We want to ensure that users have a consistent experience with WhatsApp regardless of the device they use. To achieve this, we synchronize message history and other application status data (e.g. contact names, whether a chat is archived or a message is marked with an asterisk) across devices. All of this data is synchronized between your devices and encrypted end-to-end.

For Message History: If a companion device is linked, the primary device will encrypt a bundle of the messages from recent chats and broadcast them to the newly linked device. The key to this encrypted message history blob is delivered to the newly linked device via an end-to-end encrypted message. After the companion device has downloaded, decrypted, unpacked, and securely stored the messages, the keys will be deleted. From this point on, the companion device will access the message history from its own local database.

Other application data requires more than an initial transfer from the phone. We also need ongoing synchronization every time someone changes their application status (e.g. when they add a new contact, mute a chat, or mark a message).

To solve this, the WhatsApp server securely stores a copy of each application state that all devices can access. To ensure this is adequately secured, all information and even the metadata about the information (what type of user data is stored or accessed) is encrypted end-to-end using constantly changing keys that are known only to that person’s devices.

How to test WhatsApp beta for multiple devices

We plan to test the experience with a small group of users from our existing beta program first. We’ll keep tweaking the performance and adding some extra features before slowly rolling them out. Anyone who registers can unsubscribe at any time.

You can find more information about the beta version and how to register in the WhatsApp Help Center.

For more information on WhatsApp Multi-Device, please see our updated whitepaper.

Comments are closed.