- WhatsApp may soon introduce fingerprint authentication for the creation of Web Sessions.
- While this is a privacy and security-enhancing feature, it could compromise high-level targets.
- For regular users, it will be a far more convenient and quicker way to authenticate on the platform.
People who love to look deep into the code of beta APK versions to uncover any upcoming features have spotted something interesting on WhatsApp 220.127.116.11. Apparently, the popular chat app is readying a fingerprint-based authentication for the creation of a new Web Session. That could replace the current system that requires the scanning of a QR code from the smartphone that runs the app, which is admittedly somewhat disruptive as a process. Scanning your fingerprint would be a lot quicker and a million times more convenient. But what about security?
The scanning of the QR code is surely a secure step because it presupposes a couple of things that are linked to the user. One cannot prompt the app to scan a QR code, or fake it, or bypass this process very easily. Fingerprint scanning, on the other side, is not as secure because fingerprints can be stolen.
Even if that doesn’t happen, fingerprint scanners on many smartphone models aren’t very accurate or very hard to fool. This sounds implausible, but the capacity of people to hack fingerprint sensors has been demonstrated repeatedly, even on the most recent sensor tech.
Of course, we cannot forget that this method of authentication is actually meant to serve as a privacy feature, as someone holding your phone won’t be able to start a web session on WhatsApp. Additionally, one can rightfully argue that no sophisticated hackers have a reason to put in the time and effort required to steal their fingerprints, and that would be true for the majority.
However, WhatsApp is used by people who exchange sensitive communications, is an end-to-end encryption platform, and actually cares about user’s privacy and security. If one was to hijack the account access and create a new Web Session, they could fetch the entire chat history through syncing.
This report doesn’t necessarily mean that the new feature will land on the next WhatsApp version, or that it’ll ever land at all. Sometimes, code snippets appear on beta stages, but the testing doesn’t go too well, and things get strapped, postponed, or left there for future consideration. Another thing that appeared on the scrutinized beta version of WhatsApp are fixes for the “Recently Used Emojis”, which is something that people have been eagerly waiting for.