WhatsApp has been hard at work pushing out features in quick succession, with the latest being the ability to edit a message up to 15 minutes after it was sent. Locked chats were introduced a week earlier. The week preceding that? Polls and forwarding of images with captions.
The flurry of improvements help the Meta-owned app catch up to competing messaging platforms like Telegram, and are much welcome. Even then, some of the changes pursued could go further in addressing privacy concerns, while making data transfers more seamless.
This is especially given WhatsApp’s dominance in Singapore’s messaging space, as every improvement elicits spillover effects to many.
Privacy wise, usernames are great because users do not have to share their mobile numbers unnecessarily, but WhatsApp can better alert and protect its users from harmful actors – what with phishing and scams being the most commonly-reported crimes in Singapore.
Being able to use WhatsApp on multiple devices is fine and dandy, but the real gap in WhatsApp chats and its history is in preserving chat data when one phone eventually fails, so a device change does not lead to data loss.
A better conversational sentry
To be sure, WhatsApp has been working on privacy, with features like automatic device verification to weed out malware-compromised devices. What we can have more of are user-facing interventions in security-sensitive activities.
QR codes are increasingly ubiquitous as a means to provide information, authenticate identities, and make payments. No wonder scammers have caught up, and are using them in their illicit work.
When WhatsApp detects a QR code image, could it detail below the image the primary domain name which the user will be taken to, any security certification and its issuer, and remind the user to follow the link only after assessing the request to be genuine?
If the QR code is presented as a link, the same details can be presented in a pop-up. Users can even be required to wait three seconds before a “proceed” link can be clicked on.
This requires some manner of high-level message content analysis, but it’d be a surprise if the technology is not already available today. WhatsApp labels suspicious links with a red alert, and the feature can be refined and extended to QR codes.
Another guardian of online privacy is two-factor authentication (2FA). By requiring a readback of a unique identification code usually directed to a mobile number and/or registered device held by the user, 2FA prevents harmful actors from accessing accounts remotely by invoking a secondary check.
Graphical warnings like those already being done for suspicious links can be purposed for 2FA-related conversations. An obvious area where such prompts can be enhanced is the WhatsApp chat in which 2FA codes are shared, like the one pictured above.
WhatsApp can also look out for accounts flagged for making large numbers of 2FA requests, and tag advisory messaging onto these chats.
Finally, these warnings and advisories should be configurable by telcos, so the advisories can match local context without requiring intense resourcing on the part of WhatsApp’s team.
These enhancements are critical not only in Singapore. WhatsApp scams are also prevalent elsewhere, including India, the largest market of the service.
Making device migration more seamless
Say what you will about slowing smartphone replacement cycles, but there will be a day down the road when one’s mobile phone needs to be changed and data inside moved to a new device.
The smartphone data migration process has become better over time. I have personal experience with both Apple’s and Samsung’s approaches, and they do a decent job guiding you through. It also helps that most app data are cloud-based now, and thus move to a new device without fuss.
WhatsApp, however, is still generally an exception. I will outline four scenarios.
This is a screenshot of the restore backup screen that appears during WhatsApp’s first-time application setup. It only appears if WhatsApp is able to find a compatible backup in the Google Drive or iCloud storage of the device, with a matching mobile number.
If WhatsApp is (i) not able to find a compatible backup, or you are somehow not logged into the cloud account on which the backup is stored, it jumps straight to the next step of the setup, to set profile name and picture.
No option to locate a backup file from another cloud account, an offline location, or offer to re-visit a restore at a later time. Not even a prompt to restore data. In the absence of a locatable backup, it is as if there is no option to restore data at all.
If you want to migrate the data to (ii) a different phone number, you have to first restore the backup to the saved original mobile number, then change phone number in the settings menu after. The alternative is you change your mobile number before creating a backup.
In essence, you must have access to your original number, or have chat records migrated to a new number, at the point of restoring data.
This can be problematic if your device replacement entailed having a new number, or a move to an overseas number for a work posting. Nothing about the backup and restore screens warn you, or offer a way around this.
This likely has to do with WhatsApp using mobile numbers as an account identifier, and the wish is the impending usernames feature will go some way to ameliorate this. Notably, WhatsApp has said nothing about this.
Plus, as the message on the screen indicates, the moment the screen appears is the (iii) one and only time you may restore a backup. Skipping it creates a completely new profile that cannot be reconciled with a backup.
In recent times, it is possible to (iv) migrate data between platforms from iPhone to Android, and from Android to iPhone. I tried the former when moving from an iPhone to a Google Pixel, and will like to report the process failed miserably.
I have both Android and iOS device connected with a Lightning to USB-C cable, and the Copy Apps and Data screen just never provided an option for WhatsApp data restore. As usual, no options to attempt restore at a later time, nor a prompt to troubleshoot. It is as if an option to restore simply did not exist.
I have just painted a few scenarios in which backup and restoring WhatsApp data may fail. And this is coming from someone who has had a fair bit of experience with that.
To me, all these issues could be overcome if WhatsApp had a Backup and Restore menu that will always appear during application setup, and accessible via the settings menu after. It should provide clear instructions on what is possible and what is not, including inter-platform transfers, or moving to a new mobile number.
Users should be able to locate a backup file from multiple cloud platforms, or a local copy squirreled away somewhere. These backups should be authenticated to WhatsApp usernames, and not mobile numbers.
Considering the importance of messaging to the work and personal lives and WhatsApp involvement mediating these communications, making sure these conversations can be accessible for eternity (or at least, until the user decides to delete it) must surely be a priority.