How WhatsApp Enables Multi-device Capability

Earlier this year WhatsApp revealed the possibility of multi-device support. The information was revealed in an interview between WABetaInfo and Facebook CEO Mark Zuckerberg and WhatsApp head Will Cathcart where Will also confirmed that the new multi device support update will perhaps make accessing WhatsApp on iPad a possibility. Facebook has officially announced the rollout of a limited public beta test for WhatsApp’s updated multi-device capability.

“For years, people have been asking us to create a true multi-device experience that allows people to use WhatsApp on other devices without requiring a smartphone connection.” says Facebook. “With this new capability, you can now use WhatsApp on your phone and up to four other non phone devices simultaneously — even if your phone battery is dead.“

In order to achieve Multi-Device Support, Facebook had to rethink WhatsApp’s architecture and design new systems to enable a standalone multi-device experience while preserving privacy and end-to-end encryption.

Here’s How WhatsApp enables multi-device capability:

TAKING SMARTPHONES OUT OF THE EQUATION

The current WhatsApp version requires the use of a smartphone app as the primary device thereby making it “the source of truth for all user data and the only device capable of end-to-end encrypting messages for another user, initiating calls, etc.“

This architecture makes it easy to deliver a seamlessly synchronized experience but it only allows a single companion device to be operative at a time. An example of which is being unable to be on a call (in Portal) while checking the messages on PC.

According to Facebook. “The new WhatsApp multi-device architecture removes these hurdles, no longer requiring a smartphone to be the source of truth while still keeping user data seamlessly and securely synchronized and private.“

MEETING THE SECURITY CHALLENGES OF MULTIPLE DEVICES

Before the multi-device feature was introduced everyone on WhatsApp was identified by a single identity key which was also the source to derive all the encrypted communication keys. Now with multi-device, each device has its own identity key. There is a mapping maintained by the WhatsApp server between each person’s account and all their device identities. Facebook has addressed the challenge of preventing a malicious server from eavesdropping by secretively adding devices to someone’s account.

Facebook has used a combination of technologies to solve this.

“First, we have extended security codes to now represent the combination of all of someone’s device identities so that anyone and their contact can always verify all the devices they are sending messages to.” The company writes on its website. “Second, in order to reduce the number of times that someone needs to perform identity verifications, we have developed and will roll out a technology called Automatic Device Verification. This system allows for devices to automatically establish trust between each other in a way that someone needs to compare another user’s security code only if that user reregisters their entire account, rather than each time they link a new device to their account.” Facebook further added. “Finally, we also give people additional control and protections over which devices are linked to their account. First, everyone will continue to be required to link new companion devices by scanning a QR code from their phone. This process now requires biometric authentication before linking where people have enabled this feature on compatible devices.“

MAINTAINING MESSAGE PRIVACY

WhatsApp multi-device makes use of a client-fanout approach where WhatsApp client sending the message encrypts and transmits it N number of times to N number of different devices. Facebook says: “Each message is individually encrypted using the established pairwise encryption session with each device. Messages are not stored on the server after they are delivered. For groups, we still use the same scalable Sender Key encryption scheme from the Signal Protocol.“

ADAPTING VOICE AND VIDEO PROTOCOLS FOR MULTI-DEVICE, END-TO-END ENCRYPTION

When someone on WhatsApp makes a voice or video call:

-The initiator generates a set of random 32-byte SRTP master secrets for each of the recipient’s devices.

-The initiator sends an incoming call message (using the client-fanout approach described above) to each of the devices of the recipient. Each recipient’s device receives this message, which contains the encrypted SRTP master secret.

-If the responder answers the call from one of the devices, a SRTP encrypted call is started, protected by the SRTP master secret generated for that device.

The SRTP master secret stays in the memory of a user’s device and is used only during the call. Facebook does not have access to the SRTP master secrets.

KEEPING MESSAGE HISTORY AND OTHER APPLICATION STATES IN SYNC ACROSS DEVICES

Facebook wants to ensure that “people have a consistent experience” with WhatsApp no matter whichever device they use it on. In order to achieve the same Facebook synchronizes message history as well as other application state data. The synchronized data is end-to-end encrypted between the user’s devices. As for message history, whenever a companion device is linked “the primary device encrypts a bundle of the messages from recent chats and transfers them to the newly linked device. The key to this encrypted message history blob is delivered to the newly linked device via an end-to-end encrypted message. After the companion device downloads, decrypts, unpacks, and stores the messages securely, the keys are deleted.” From here the message history is accessed from the companion device via its own local database.