WhatsApp is adding opt-in biometrics to its web and desktop versions

WhatsApp, the popular messaging app with more than 2 billion users, has been getting a lot of heat (and losing users) in recent weeks after announcing changes to how it shares data with its owner Facebook. Now, it’s adding a new biometric feature to the service that will be helping make those using its web and desktop versions a little more secure.

The company said that from today, it will roll out a new look for its web and desktop apps, which will let people create an additional authentication layer using biometrics when they want to use WhatsApp on desktop or web.

You will now have the option (not requirement) to add in a biometric login, which uses either a fingerprint, face ID, or iris ID — depending on the device — on Android or iPhone handsets, to add in a second layer of authentication. When implemented, it will appear for users before a desktop or web version can be linked up with a mobile app account, which today relies just on using a QR code.

WhatsApp says that on iPhone, it will work with all devices operating iOS 14 and above with Touch ID or Face ID, while on Android, it will work on any device compatible with Biometric Authentication (Face Unlock, Fingerprint Unlock or Iris Unlock).

The service is another step forward in WhatsApp creating more feature parity between its flagship mobile apps, and how you interact with the service when you use it elsewhere.

While WhatsApp started as a mobile messaging app, it has over the years been building out other ways of using it, for adding desktop support in 2015 to the iOS version.

Mobile still accounts for the majority of WhatsApp’s users, but events like global health pandemics, which are keeping more of us inside, are likely leading to a surge of users of its Web and native desktop apps, and so it makes sense for it to be adding more features there.

WhatsApp told TechCrunch that it is going to be adding in more features this year to bring the functionality of the two closer together. There are still big gaps: for example, you can’t make calls on the WhatsApp web version.

To be clear, the biometric service, which is being turned on globally, will be opt-in: users will need to go to their settings to turn on the feature, in the same way that today they need to go into their settings to turn on biometric authentication for their mobile apps.

What comes next for biometrics?

WhatsApp’s recent announcements about data-sharing changes between it and Facebook have put a lot of people on edge about the company’s intentions — a particularly sensitive issue since messaging has become a very personal and sometimes private space. Originally thought as separate from what people do on more open social networking platforms, that position has been eroded over the years through data leaks, group messaging abuses, and (yes) changes in privacy terms.

That means there will likely be a lot of people who will doubt what Facebook’s intentions are here, too.

WhatsApp is pretty clear in outlining that it’s not able to access the biometric information that you will be storing in your device, and that it is using the same standard biometric authentication APIs that other secure apps, like banking apps, use.

The banking app parallel is notable here: consider how the company has been adding a lot more features and functionality into WhatsApp, including the ability to pay for goods and services, and in markets like India, tests to offer insurance and pension products. It will be interesting to see if this new biometric feature, used now to authenticate people to link up apps across devices, might appear as those other features get rolled out beyond mobile, too.