WhatsApp posted “New Security Features: Account Protect, Device Verification, Automatic Security Codes”. From the blog post:
At WhatsApp, we believe that your messages should be private and secure as an in-person conversation. Protecting your personal messages with default end-to-end encryption is the foundation of that security, and we’ll never stop building features to give you extra layers of privacy, and more control over your messages.
WhatsApp will be adding the following:
Account Protect: If you need to switch out your WhatsApp account to a new device – we want to double check that it’s really you. From now on, we may ask you on your old device to verify that you want to take this step as an extra security check. This feature can help alert you to an unauthorized attempt to move you account to another device.
Device Verification: Mobile device malware is one of the biggest threats to people’s privacy and security today because it can take advance of your phone without your permission and use your WhatsApp to send unwanted messages. To help prevent this, we have added checks to help authenticate your account – with no action needed from you – and better protect you if your device is compromised. This lets you continue using WhatsApp uninterrupted.
Automatic Security Codes: Our most security conscious users have always been able to take advantage of our security code verification feature, which helps ensure you are chatting with the intended recipient. You can check this manually by going to the encryption tab under a contact’s info. To make this process easier and more accessible to everyone, we’re rolling out a security feature based on a process called “Key Transparency” that allows you to automatically verify that you have a secure connection. What it means for you is that when you click on the encryption tab, you’ll be able to verify away with your personal conversation is secured.
These are additions ways we’re helping secure your account. While there’s many things we can do to make security easy for everyone, there are two features that only can turn on: two-step verification and use of end-to-end encrypted backups. If you’re already using both, please tell your friends about them so more people can benefit from these layers of security too.
Engadget reported that the most notable of the security features set the company doing more to protect users against SIM jacking and other social engineering attacks that could compromise your account. The next time you download WhatsApp on a new device, you may be asked to use your old device to confirm you want to move your account to a new phone.
According to Engadget, if you’re worried about the potential of being locked out of your account, a WhatsApp spokesperson told Engadget Account Protect will only activate if the company detects a suspicious registration attempt. Moreover, if you don’t have access to your old device, you can request the company send you a second one-time passcode.
In my opinion, it is a very good idea for WhatsApp to add additional protection for users. Ideally, these changes would make it much more difficult for nefarious people to hijack other people’s WhatsApp accounts.