WhatsApp Upgrade: WhatsApp suddenly issues an update alert to all users suddenly
WhatsApp is on the brink of unveiling its most significant upgrade in recent years. But a surprise awaits. The messaging giant has warned users about a serious new issue. You need to be very careful…
The devil is always in the details. It’s his new WhatsApp upgrade that has made countless headlines in recent weeks. Meta, the messaging behemoth, has officially announced its commitment to adhere to Europe’s Digital Markets Act (DMA) and embrace third-party chat integration on its platform.
Meta has announced some technical details on how exactly this will work. Unfortunately, that is not the case, at least not in the way it is expressed. The new guidance includes dire warnings about the update’s fatal flaws. This is a nasty surprise for users expecting an exciting new world of integrated and secure messaging.
As everyone knows by now, under Europe’s DMA, WhatsApp and other so-called gateway technologies must be open to competing services. This is the same rule that brought Apple into the scary new world of third-party app stores. WhatsApp surprised others by sharing early details about its compliance, suggesting it will work not just in Europe but around the world.
Now, the platform is going a step further and sharing technical details outlining its approach. No real new tech news here. We knew most of them. However, we focus on some of the ways different apps interface and ensure consistency between apps. However, it is silent on operational details, such as how users will actually find each other in the real world.
But the guidance confirms serious risks to the platform’s 2 billion users.
“Share how we have achieved third-party interoperability (Interop) across our services while maintaining end-to-end encryption (E2EE) and other privacy guarantees,” the new advisory reads. It is stated that. His last four words are more important than all the rest.
Let’s start with some basics. End-to-end encryption ensures that when you send a message to an individual or a group, the message contents remain securely locked, accessible only to you and the intended recipient who possesses the decryption key. You can also ask the platform to verify and ensure the integrity of the devices participating in the chat and the security of the shared key. This implies that neither Signal nor Meta (in the context of WhatsApp), Google (for Messages), nor Apple (in the case of iMessage) can access or unlock your user content.
This is where the content is encrypted between the device/app and the server, and the server is encrypted again. Receiving device/app. Partial encryption allows the host platform to hold the key and unlock the content.
The European DMA states that interoperability must not compromise security and privacy, and that “the level of security (including end-to-end encryption, if applicable) that gatekeepers provide to their end users. “will be maintained within interoperable services.”
It was always nearly impossible. End-to-end encryption with endpoint guarantees obviously only works if the two “ends” can actually be guaranteed, that is, if they are actually identical. Two WhatsApp, iMessage, or Signal apps. DMA envisions a world where Signal messages can be sent to her WhatsApp users. And so-called interoperability, by its very nature, destroys that model.
WhatsApp Upgrade: WhatsApp New Surprise Update For Users
Meta strongly suggests, although it is not an absolute requirement, that third-party platforms that want to access WhatsApp use the same Signal protocol that they use for their own services. “We use the Signal protocol as the basis for our E2EE communications because it is the current gold standard for E2EE chat. We prefer third-party providers to use the Signal protocol for maximum security for our users. Meta says it will make exceptions to allow alternative encryption protocols “but only if they can demonstrate they can provide the same security guarantees as Signal.”
That part of the Meta update seemed to make headlines for Signal’s use of Signal to maintain existing end-to-end encryption, but unfortunately this is misleading. Yes, the encryption protocols used by Signal guarantee the security of your content during transmission, but they do not guarantee what happens on the sending end.
Jake Moore from ESET explains: “It is not possible to send messages from one encrypted app to another without significantly upgrading the encryption technology to accommodate this interoperability. End-to-end encryption is intuitive for most users, But no two apps implement encryption the same way, and herein lies the security issue. Compromises are inevitable, but the real problem is that most users of technology companies are aware that many are still concerned about privacy and security risks. Don’t fully understand or worry about.”
This has brought a new warning on WhatsApp, which is very serious. “Meta’s commitment to end-to-end encryption (E2EE) necessitates control over both the sender and recipient clients. Interestingly, Signal Protocol encryption can function independently of client ownership (endpoint). We have created a secure interoperable solution that protects messages in transit by using third-party providers. We cannot guarantee what third-party providers will do with messages sent or received, and therefore we make no such promises. Do what you can’t do.”
As mentioned many times, fully guaranteed end-to-end encrypted messaging is binary, not spectrum. Without control of both endpoints, or some form of shared and mutually assured endpoint security, what has become the new default for secure messaging would not exist.
Again, Mehta openly warns about these risks. “It is important that we provide our users with transparent information about how interoperability works and how it differs from chatting with other WhatsApp and Messenger users. We believe this is necessary to protect our users.” And understand the privacy commitments and our feature set. It may not exactly match what we offer in WhatsApp Chat.”
Endpoint compromise is a real vulnerability in end-to-end encrypted messaging, even if both endpoints are the same. If they can take over a device or trick a user into installing a dangerous app, they can access content on that device or endpoint.
Like any chain, end-to-end encryption is only as secure as its weakest link. Interoperability means threat actors don’t have to compromise hyperscale apps, but can target smaller, less-protected alternatives that are starting to appear on WhatsApp.
The only answer to this challenge is faith. In theory, if you can fully prove the integrity of an endpoint, you can share keys and run some type of proxy-secure platform. This may be possible with major apps like Signal, iMessage, and Telegram, but you won’t be able to run any of them. The apps that will actually run will be smaller and don’t have the same guarantees.
However, as Moore points out, “You have a choice whether or not you participate in message exchanges with third-party apps,” adding further, “We recommend activating them only when absolutely necessary.” Let’s give.” Ta.
Due to these security risks and the lack of active involvement of other major messengers in WhatsApp, this update is not as exciting as it is being touted. What I recommend is to use different messengers that are end-to-end encrypted and not play combination games.