Tech

WhatsApp says new biometric features are nothing to worry about

Your eye, fingerprint, or face could soon be used to activate WhatsApp on the web... assuming you trust Facebook enough with that information.

Fingerprints. Cyber security concept. Digital security authentication concept. Biometric authorization. Identification. Vector illustration of the fingerprint of different colors on a white background
Shutterstock

WhatsApp, the Facebook-owned instant messaging service, is doing whatever it can to reassure users concerned about their privacy that it can be trusted with sensitive information about them. The latest challenge concerns biometric data — like fingerprints and iris scans, or facial recognition — which WhatsApp plans to use to make it easier for users to log into the service on their laptop or desktop. Currently, users have to scan an on-screen QR code with their mobile phones to use WhatsApp's desktop or web apps.

Business Insider reports the new feature, which Facebook announced on Thursday, will let those on Apple devices use Touch ID or Face ID, while Android phones will be able to use their faces, fingerprints, or irises, depending on their device. Facebook says the move is intended to provide an additional layer of security for users.

Fresh focus on privacy — The move comes only weeks after WhatsApp lost millions of users to rival platforms Signal and Telegram. In an attempt to pacify users who have been critical of a change to WhatsApp's data-sharing policies with Facebook, the company has delayed the change coming into effect until May. That means added pressure with this change as, despite Facebook's numerous assurances nothing fundamental is changing with how it manages user data on WhatsApp, many users remain skeptical... and wary.

Where does my data go? — Facebook anticipated questions about user privacy and data collection, and added a potion about the new biometric support to its FAQ. The company says users' smartphones will manage their biometric data, not the messaging platform.

"The authentication is handled by your device’s operating system using the biometrics stored there," the FAQ explains. "WhatsApp can’t access the biometric information stored by your device's operating system."

This claim makes sense. If WhatsApp is relying on conventional Application Programming Interfaces (APIs) — and there's no reason to believe it isn't — it can activate biometric authentication for you without creating an archive of it. The process will look something like this: your fingerprint, eye, or face scan will be analyzed and encrypted in your phone without any chance of reversal. Moreover, it's not shared beyond the device. This is the same way biometric support for other apps — like banking or other financial services apps — works.

An underlying trust problem — WhatsApp is right, this move will provide an additional security layer for users who want to make use of the service on laptops or desktops. But will it appease those suspicious of Facebook, or bring those who've fled to rival services back? We're not betting on it. First, once users have made the move to Signal or Telegram (and gotten friends and family to do likewise) there's little incentive to return — both platforms offer all of the same key features WhatsApp does. Moreover, they offer some it doesn't — like the ability to use them on multiple laptops or desktops simultaneously.

If it's going to reverse its losses, WhatsApp is going to have offer far more than support for biometrics.