How to: Use WhatsApp on iOS
Last Reviewed: August 11, 2020
We've updated this guide to a new page. Please see the new version here.
We strongly encourage you to change your settings as described below (and ask your contacts to do the same!) in order to best protect your WhatsApp communications.
In particular, we're concerned about WhatsApp's August 2016 announcement of a new privacy policy that allows data sharing with parent company Facebook. This allows Facebook access to several pieces of WhatsApp users' information, including WhatsApp phone numbers and usage data.
Existing WhatsApp users at the time of the privacy policy switch had a grace period to change their settings and prevent Facebook from suggesting friends or serving ads based on WhatsApp data. New accounts, however, do not have the option to refuse these expanded uses of their data. Instead, the only option available to new users is whether to join WhatsApp at all under the new privacy policy and all of the data sharing it entails. Even though the company assures users it will not share their data directly with advertisers, this nevertheless presents a clear threat to users’ control of how their WhatsApp data is shared and used.
In addition we're concerned with WhatsApp's web app. WhatsApp provides an HTTPS-secured web interface for users to send and receive messages. However, as with all websites, the resources needed to load the application are delivered each and every time you visit that site. So, even if there is support for crypto in the browser, the web application can easily be modified to serve a malicious version of the application upon any given pageload, which is capable of delivering all your messages to a third party.
WhatsApp does still provide end-to-end encryption , which ensures that a message is turned into a secret message by its original sender, and decoded only by its final recipient. We take no issue with the way this encryption is performed. In fact, we hope that the encryption protocol WhatsApp uses, the Signal Protocol, becomes more widespread in the future. Instead, we are concerned about WhatsApp’s security despite the best efforts of the Signal Protocol.
If you would still like to use WhatsApp, see our tutorial below and be sure to turn off cloud backups and turn on fingerprint change notifications (see section on Additional Security Settings).
Download location: The app can be downloaded from the App Store
System requirements: iOS 9 or later.
Version used in this guide: 2.20.40
License: Proprietary
Other reading:
-
https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf
-
https://medium.com/@thegrugq/operational-whatsapp-on-ios-ce9a4231a034/
Level: Beginner-Intermediate
Time required: 15-20 minutes
WhatsApp is an application that allows users on mobile devices to communicate with each other using end-to-end encryption. With it, users can securely chat with and call each other, send files, and engage in group chats. Although WhatsApp uses telephone numbers as contacts, calls and messages actually use your data connection; therefore both parties to the conversation must have Internet access on their mobile devices. Due to this, WhatsApp users don't incur SMS and MMS fees.
WhatsApp is owned by Facebook. The app itself is closed-source software, which means that it is very difficult for outside experts to confirm that the company has implemented their encryption in a secure way. Nonetheless, the methods that WhatsApp uses to send encrypted messages are public, and regarded as secure.
Installing WhatsApp on your iPhone anchor link
Step 1: Download and Install WhatsApp anchor link
Step 2: Register and Verify your Phone Number anchor link
WhatsApp will request access to your contacts. If you grant this access, WhatsApp will have a full list of your contacts' phone numbers. If you do not grant this access, you can manually add each of your contacts for chat messages, however you cannot make a new call without granting WhatsApp access to your phone's contacts. If you'd like to send photos, media, or files, WhatsApp will request access to these files as well.
You will then be prompted to edit your profile by adding a name and a profile picture:
Using WhatsApp anchor link
Another verification method you may want to consider is taking a screenshot of the numbers and sharing it over a secondary secure channel.
Additional Security Settings anchor link
Show Security Notifications anchor link
As stated above, if for any reason the encryption key of a contact changes, you may want to be notified of this change.
iCloud Backup anchor link
Also stated above, you'll probably want to ensure that unencrypted backups are not sent to Apple.
Navigate to Settings → Chats → Chat Backup to ensure cloud backups are turned off. Under "Auto Backup" choose "Off":Enabling Multi-Factor Authentication anchor link
In the same Account menu area that you were able to access the Privacy and Security settings, you will see an option to configure Two-Step Verification.
Tap into that menu and you'll be given a one-option screen that asks you to enable Two-Step Verification by adding a PIN number that you will need to enter any time you register your phone number with WhatsApp again.
Once you select the "Enable" option, a screen will appear that asks you to create a six-digit pin.
You are now ready to use WhatsApp for iOS.