The World Wide Web was built long before the first mobile apps emerged, and that opens the door for the web versions of some popular mobile apps to be significantly more vulnerable than the apps themselves: “There are many factors that could weaken the security of a web browser that don’t exist in the mobile app space, such as browser extensions.”

“Unlike a mobile app downloaded from a trusted one, the web doesn’t offer the same degree of assurance that the code hasn’t been tampered with.”


A new extension to strengthen your WhatsApp Web

WhatsApp, which is seeing access to its platform through the web version grow, has therefore set out to reinforce its security protections. To that end, it has teamed up with Cloudflare to announce a new layer of security specifically for WhatsApp Web, which arrives as a browser extension.

It is called Code Verify, and it automatically verifies, in real time, the authenticity of the code that the browser receives when opening WhatsApp Web, in order to be sure that it has not been altered in any way.

Code Verify is compatible with the Mozilla Firefox (the link is not yet available), Microsoft Edge (download) and Google Chrome (download) browsers. Once the extension is installed, it is automatically pinned in Firefox and Edge (although Chrome users “will need to pin it for optimal use”).

How it works

Cloudflare’s role is to serve as an independent third-party verifier: every time someone uses WhatsApp Web, the extension automatically compares the ‘hash’ (‘fingerprint’) of the code received in the browser with the ‘hash’ of the WhatsApp Web code that the messaging application shares with Cloudflare.

If the hashes do not match each other, this would indicate that the code that is executed in the user’s browser is different from the code that WhatsApp intends to be executed in all the browsers of its users. And therefore, it will also indicate that the user has a security problem.

This idea is not new (hashes are already used, for example, to verify the integrity of downloaded files, especially *.ISO files)… “but automating it, deploying it on a large scale, and making sure it’s easy to use for WhatsApp users is”.

“If users had to manually search, compute, and compare hashes, tamper detection would be possible for only a small fraction of expert users.”





Cloudflare makes it very clear that it never receives a copy of “messages, chats or other traffic between WhatsApp users; they remain private and end-to-end encrypted.”

According to its creators, a good way to understand Code Verify is to see it as a security traffic light for WhatsApp Web:

If the code matches and is validated, the Code Verify icon in the browser will turn green.

If the Code Verify icon in your browser turns orange when WhatsApp Web is loaded, it means that another browser extension is interfering with the ability to verify WhatsApp Web, or that the request timed out and the page needs to be refreshed.

If the icon turns red, there is a possible security problem with the WhatsApp code that is being served. Actions can then be taken, such as pausing the other extensions, switching to a mobile version of WhatsApp, or downloading the source code and giving it to a third-party organization for analysis.
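The hash comparison and the traffic-light mapping described above, as an added JavaScript (Node.js) sketch that is not Code Verify's own code. SHA-256, the hash-of-sorted-hashes layout, the `fingerprint`, `verify` and `lookup` names and the sample data are assumptions, and only the timeout cause of the orange state is modelled.

```javascript
// Added illustration; not Code Verify's source. SHA-256, the digest-of-digests
// layout and every name below are assumptions made for this sketch.
const { createHash } = require('node:crypto');

const sha256 = (data) => createHash('sha256').update(data).digest('hex');

// Fingerprint of everything the page loaded: hash each script, then hash the
// sorted list of digests so that load order does not change the result.
function fingerprint(scripts) {
  const digests = scripts.map((src) => sha256(src)).sort();
  return sha256(digests.join('\n'));
}

// lookup(version) stands in for the request to the independent third party.
// It returns the published hash, or throws when the request fails or times out.
function verify(version, scripts, lookup) {
  let published;
  try {
    published = lookup(version);
  } catch (err) {
    // Verification could not be completed: neither good nor bad is proven.
    return { status: 'orange', reason: `could not verify: ${err.message}` };
  }
  if (typeof published !== 'string') {
    // Assumption: a version with no published hash is treated as a failure.
    return { status: 'red', reason: 'no hash published for this version' };
  }
  const observed = fingerprint(scripts);
  return observed === published.toLowerCase()
    ? { status: 'green', reason: 'served code matches published hash' }
    : { status: 'red', reason: `observed hash ${observed.slice(0, 12)} differs` };
}

// Constructed sample data: two script bodies and a fake third-party record.
const released = ['function send(m){encrypt(m)}', 'function render(){}'];
const registry = new Map([['2.0.1', fingerprint(released)]]);
const lookup = (version) => registry.get(version);

// Same release with one extra statement appended to the first script.
const tampered = [released[0] + ';leak(m)', released[1]];
const timedOut = () => { throw new Error('timeout'); };

console.log(verify('2.0.1', released, lookup).status);   // green
console.log(verify('2.0.1', tampered, lookup).status);   // red
console.log(verify('2.0.1', released, timedOut).status); // orange
```

A change of a single byte in any script yields a different fingerprint, which is why the tampered sample ends in red even though the second script is untouched.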





Furthermore, Code Verify need not reinforce only the security of WhatsApp: its creators state that it is open source (it’s available on GitHub) not only to ensure its transparency, but so that “other messaging services can use it too”.