WhatsApp on Android to make flash calls to verify logins

There are different systems these days for securing accounts beyond fragile and weak passwords. While authenticator apps are often the recommended method, others also use your phone number as a sort of a second authentication factor. That's especially true for services that use your phone number as your account number anyway, like WhatsApp. It seems that Facebook's messaging service is going to use that number to implement another layer of security, making a flash call to verify the number that you gave for login is a valid one.

This upcoming feature, if it does make it out the door, is for both security and convenience. With the currently existing system, WhatsApp sends OTPs via SMS when logging into their accounts. Users either type in the numbers or, depending on the permissions granted to the WhatsApp Android app, is automatically entered by the app itself.

This method, while better than just a password, has also been criticized for offering no real security because of the vulnerability of the SMS protocol. WABetaInfo, which often leaks upcoming or in-development WhatsApp features, reveals that the network is working on yet another method to verify logins. Instead of sending an OTP, it will call you and immediately drop the call and will then scan your call history to check if the phone's number and the number it called, which would have been the number it would send the OTP to, is one and the same.

The catch is that to perform this action, WhatsApp needs permission to read your phone's call history log. This is something it will ask Android users once when setting up the app for the first time and WhatsApp promises the data won't be used for any other purpose. Given the recent scandal the network is under due to its new Facebook-friendly privacy policy, that's a rather big promise to make.

That requirement is also one reason why this feature will never make it to iOS since Apple's platform doesn't give third-party apps access to call history. It is also an optional verification method so those with privacy concerns can keep using the older methods, presuming they still use WhatsApp, of course.