The Facebook-owned messaging app has finally introduced the WhatsApp fingerprint lock feature for Android users. The feature was made available to the iOS users earlier this year.
The WhatsApp fingerprint lock feature comes with the latest Android beta version 2.19.221. It is disabled by default, and so users will have to enable it from the Settings. To enable it in WhatsApp, go to Settings > Account > Privacy > Fingerprint lock.
This new WhatsApp fingerprint lock feature would allow users to make their chats more secure. Further, there is a new “show content in notifications” option, which allows users to decide if they want to show or hide messages and sender preview when the fingerprint lock feature is enabled.
Even if you don’t enable this option, you can still reply to the messages from notifications and answer WhatsApp calls as the fingerprint lock only comes into play when you open WhatsApp. As per WABetaInfo, the widget content is hidden by default when the Fingerprint Lock feature is enabled.
After the feature is enabled, you will have to use fingerprint authentication to gain access to WhatsApp. The feature offers three options to automatically lock the app – immediately, after 1 minute, and after 30 minutes. With the “immediately” options, users will have to fingerprint authenticate each time they open and close the app.
It must be noted that iOS users have a 15 minute option as well, but the same is not available to Android users yet. Hopefully, it would be there when the stable version of Android rolls out.
If you have updated to the latest version, but are still not seeing the WhatsApp fingerprint lock feature, then try by reinstalling WhatsApp. There are two requirements, first your phone must be running on Android Marshmallow or higher, and second, it must feature a fingerprint scanner. If you don’t have access to the beta, you can sideload it through APKMirror.
The Facebook-owned company is reportedly using Android’s fingerprint APIs, this means that your fingerprint data is being used for on-device authentication only, and is not sent to Facebook’s servers.
WhatsApp may be adding more consumer-side privacy features, but it seems, it needs to do more work on its end to increase the security. In the Black Hat security conference last week, security researchers at Check Point pointed out several flaws in the messaging app, which was acquired by Facebook in 2014 for about $21 billion.
WhatsApp uses end-to-end encryption, meaning no one else except for the recipient can see the messages. However, as per Check Point, a flaw in the messaging app may not just allow a hacker to read a message but also change the message as well. Another flaw that the security researchers talked about allows a hacker to attribute a message to another person instead of the actual sender.
Check Point also pointed out a flaw that could allow a hacker to disguise a public message as a private message. This could lead a recipient to believe that their response would be kept private, but the flaw would make it visible to others as well.
Such flaws, if hackers are able to exploit them, could cause havoc, considering the messaging app has more than 1.5 billion users in more than 180 countries. By 2021, WhatsApp is estimated to hit 25.6 million users in the U.S.
Check Point first discovered these flaws last year and pointed them out to Facebook. The company was able to fix the third one, but the first two flaws still exist.
“But, we found that it is still possible to manipulate quoted messages and spread misinformation from what appear to be trusted sources,” the security researcher said. “From Check Point Research’s perspective, we believe these vulnerabilities to be of the utmost importance and require attention.”
WhatsApp also responded to the issues, saying they reviewed them a year ago, but did not find any vulnerability in the security that they provide to the users. Further, the messaging app said that if they address these issues, it could make the messaging app less private.
“We need to be mindful that addressing concerns raised by these researchers could make WhatsApp less private – such as storing information about the origin of messages,” WhatsApp said.
Check Point acknowledges that the messaging app responded in time, but notes that not enough actions were taken. Thus, to create more awareness of the issue, they decided to discuss these issues at the annual Black Hat security conference in Las Vegas. Check Point has discussed these flaws in detail on its site.
“By decrypting the WhatsApp communication, we were able to see all the parameters that are actually sent between the mobile version of WhatsApp and the Web version. This enabled us to then manipulate them and start looking for security issues,” Check Point said.