The launch of a limited public beta test for WhatsApp’s updated multi-device capability has taken place. This feature allows you to access WhatsApp on your phone as well as up to four other non-phone devices at the same time, even if your phone’s battery is dead.
WhatsApp multi-device employs a client-fanout approach, in which the WhatsApp client encrypts and transmits the message N times to N different devices — those in the sender and receiver’s device lists. Each message is encrypted individually using the pairwise encryption session that has been established with each device. Messages are not saved on the server once they have been delivered. For groups, the Signal Protocol’s scalable Sender Key encryption scheme is followed.
For each of the recipient’s devices, the initiator generates a set of random 32-byte SRTP master secrets. This message, which contains the encrypted SRTP master secret, is delivered to each recipient’s device. When the responder answers the call from one of the devices, an SRTP encrypted call is initiated, which is protected by the SRTP master secret generated for that device.
The SRTP master secret is stored in the client device’s memory and is only used during the call. The SRTP master secrets are not accessible to the app administrating servers.
For group calls, the server chooses at random a call participant device (either the initiator or a device on which a user has accepted the call) to generate the SRTP master secret. That device generates the secret and transmits it to the other active participant devices via pairwise end-to-end encryption.
When a companion device is linked, the primary device encrypts a bundle of messages from recent chats and sends it to the newly linked device. An end-to-end encrypted message delivers the key to this encrypted message history blob to the newly linked device. The keys are deleted after the companion device downloads, decrypts, unpacks, and securely stores the messages. The companion device then retrieves the message history from its own local database.
Other application data necessitates more than just a phone-to-computer transfer.
WhatsApp server securely stores a copy of each application state that can be accessed by all of a user’s devices. To ensure proper security, all information, including metadata about the information is end-to-end encrypted using constantly changing keys known only to that person’s devices.
The beta feature testing will begin with a small group of users and will continue to optimise performance as well as add a few new features before gradually rolling it out more broadly. Those who opt in have the option to opt out at any time.