How to make your WhatsApp even more private and secure

How to make your WhatsApp privacy stronger

The hugely popular messaging platform WhatsApp made big news in the security community when they announced earlier this month that they were now providing end-to-end encryption for all of their one billion plus members.

This is an incredibly positive development for privacy advocates. The best part about this new feature is that WhatsApp users did not have to do anything in order to take advantage of this new feature. It is rare that security improvements are this easy.

Even though one need not do anything to take advantage of WhatsApp's new end-to-end encryption, there is a way to make your WhatsApp conversations even more secure when chatting with folks you know personally.

WhatsAppThe problem is this. When exchanging private communications with someone, you can never be 100% certain that the person on the other end of that communication is who they purport to be.

The "last mile" that ensures that you are communicating with the person whom you think you are communicating with requires that you meet that person face-to-face. This is true of all encryption mechanisms.

The first setting that you should enable, therefore, is the one that notifies you if a WhatsApp friend changes their device.

Why would you care about such a setting? Well, because if someone removes the SIM card from your friend’s phone and uses it in another device, they could impersonate your friend on WhatsApp. Enabling a setting in WhatsApp will give you notice that you may be communicating with an imposter.

The way to protect yourself is to go to the “Settings” icon at the bottom right of your WhatsApp screen, open up the Account settings area, and turn on the "Show Security Notifications" setting.

Whatsapp settings

But wait, there’s more!

The next time you are face-to-face with your WhatsApp friend, and you want to increase your WhatsApp security even more, here are the simple steps to do so.

First, make sure that WhatsApp has access to your camera. You may have already allowed this when you installed WhatsApp, but if you did not, it is an easy setting in your Applications area of your phone.

Next, open a conversation with your friend in WhatsApp and then select the person’s name at the top of the conversation. This will open the contact window for that person. Near the bottom of that screen you will see a setting for Encryption.

Whatsapp settings

Tap on the encryption field, and you will be presented with a screen that displays a QR code as well as a 60-digit decimal code that represents the contents of that QR code.

Whatsapp QR code

At the bottom of the QR code screen, there is a link that will enable you to scan your friend’s code, and they can do the same for your code. This is why you need to allow camera access in WhatsApp, even if only temporarily.

That is all there is to it. Now, when you communicate with your friend, you can be more confident that they are who they say they are - although, of course, it's always possible that the person you are speaking to has failed to keep a close eye on their smartphone or has failed to set a strong passcode.

In my view, you should tighten security like this with as many of your WhatsApp friends as possible.

WhatsApp has performed a magnificent feat in bringing end-to-end encryption for all communications to so many people. For those of us who wish to have authenticity when communicating, WhatsApp has gone that extra step to ensure that as well.

Well done, WhatsApp!

Tags: ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

Subscribe to the free GCHQ newsletter