Meta has released Code Verify in collaboration with Cloudflare. This is a browser extension that automatically verifies the authenticity of the code on the WhatsApp Web website when users log in to it. The extension is coming to Chrome, Edge and Firefox.
Using Code Verify ensures that users can rest assured that if they use WhatsApp Web, the code has not been tampered with. The parent company of Facebook and WhatsApp wants to make it more difficult for attackers to intercept messages from users who use WhatsApp in the browser.
According to Meta, Code Verify is based on the concept of sub-resource integrity. This is a security feature that allows browsers to verify that the content they download has not been tampered with. That only works with individual files, while Code Verify checks all resources on the full page, according to Meta. To be able to do that on a large scale, Meta has partnered with Cloudflare.
If the extension is installed, it will be activated automatically when WhatsApp Web is visited. With traffic light colors, the extension shows if everything is okay, or if there are problems. An orange circle is visible when there is a network timeout or detection of a potential risk. If the extension detects that the code does not match, the icon will turn red with an exclamation mark. A click on the icon should provide more information.
The Code Verify extension is available for Chrome and Edge. A Firefox version will follow later. According to Meta, the browser extension does not log any data, metadata or user data and no information is shared with WhatsApp. The extension also does not have access to messages, the company emphasizes. It is an open source extension and the source code is on GitHub.