Is using one WhatsApp account on four phones a security compromise?

On 25 April, WhatsApp announced that users will be able to use the same WhatsApp account on multiple phones. The social media app remains one of the most used communication tools in the world, with over 2.44 billion users as of 2022.

Despite concerns about privacy and security issues, WhatsApp keeps gaining users. WhatsApp for Business is also becoming an increasingly popular tool among enterprises, especially small and medium-sized businesses. The tool enables businesses to engage audiences, accelerate sales and drive better customer support.

Now, users will be able to use the same account on up to four devices. According to WhatsApp’s blog, each linked phone connects to WhatsApp independently. Personal messages, media, and calls are end-to-end encrypted, and if the user’s primary device is inactive for a long time, they will be logged out of all companion devices.

A feature that is highly requested, users can link their phone as one of up to four additional devices, the same as when they link with WhatsApp on web browsers, tablets and desktops.

“Each linked phone connects to WhatsApp independently, ensuring that your personal messages, media, and calls are end-to-end encrypted, and if your primary device is inactive for a long period, we automatically log you out of all companion devices,” stated WhatsApp,

WhatsApp also stated that linking phones as companion devices make messaging easier.

“Now you can switch between phones without signing out and pick up your chats where you left off. Or if you’re a small business owner, additional employees are now able to respond to customers directly from their phones under the same WhatsApp Business account,” the company stated.

While this will provide greater accessibility and convenience, there are data privacy and security risks to be aware of.

According to Jake Moore, Global Cybersecurity Advisor at ESET, “WhatsApp is end-to-end encrypted but each device you link to your account creates another decryption key and potentially increases the threat vector. Although unlikely without physical access to the device, this new feature could be manipulated by a controlling partner in a relationship who knows the victim’s phone’s passcode. This would enable them to view current and old messages without the knowledge of the victim.”

Moore also pointed out that when new devices are linked to an account, the original device will require biometric entry going forward. Therefore, he explained that if a device has suddenly started requiring FaceID, TouchID or equivalent, it may be worth checking for linked devices in the settings.

Apart from linking multiple devices, WhatsApp also plans to introduce an alternative and more accessible way to link to companion devices. Users enter their phone number on WhatsApp Web to receive a one-time code, which they can use on their phone to enable device linking, rather than having to scan a QR code.

“This update has started rolling out to users globally and will be available to everyone in the coming weeks. We look forward to introducing this feature to more companion devices in the future,” WhatsApp said.

---

---

---

---