Does it require my WhatsApp on Phone to be always online?

[cijo7]

I wanted to know how this is different from Whatsapp Web and what is the significance of it in terms of extended capabilities?

[sigalor]

Currently I am quite certain that WhatsApp Web does require your phone to be online during the entire session. Otherwise I think end-to-end encryption would not be possible. I don't know which other advantages this would have though, if there are any at all. Not directly related to that, but WhatsApp also has a whitepaper which explains its inner workings (including parts of the Signal protocol).

Still, I am not entirely sure about any of this and apparently, although many security researchers have looked at WhatsApp already, no actual documentation or details about the implementation about all of this exist.

Thus, another project I am working on at the moment is trying to examine the raw data that's transmitted via the network by the actual Android app (i.e. below the HTTPS/Signal layer). This investigation is fairly difficult and operates on multiple levels, but of course participation would be greatly appreciated. If you, or anyone else, is interested in that, just write me a quick mail (see my profile for the address).

[dequis]

no actual documentation or details about the implementation about all of this exist.

There are docs in https://github.com/mgp25/Chat-API/wiki#technical-information - but most of it applies to WA 1.4, not the noise-based WA 2.0

As far as I can tell everyone else (chat-api, yowsup, whatsapp-purple, etc) gave up on development of these libraries around the time WA 2.0 was being introduced, it's a big change and everyone was tired of dealing with so much bs.

While 1.4 probably still works because they extended support for nokia S40 phones, it looks like using it is a way to get your phone number banned instantly. Because spammers.

So I'd recommend not reversing the other protocol, it's just pain.

It's possible that implementing the web protocol is safer (after all, you're using the real app with a real phone with an established identity instead of recreating one identity from scratch), but this is just speculation. I just hope this doesn't end up getting abused the same way.

BTW: IANAL but you might want to add a note to the readme to make it explicit that this isn't affiliated with whatsapp, they've previously misused DMCA takedown requests to complain about trademark stuff instead of copyright. Github's handling of DMCA is takedown first regardless of the validity of the request, wait for your counter-notice to get it back up. Let's hope it never gets to this point. Good luck.

[matteocontrini]

As far as I can tell everyone else (chat-api, yowsup, whatsapp-purple, etc) gave up on development of these libraries around the time WA 2.0 was being introduced, it's a big change and everyone was tired of dealing with so much bs.

They (and I) gave up when they started sending out cease and desist letters. There weren't major technical difficulties

[dequis]

The projects I mentioned tolerated the cease and desist letters, chat-api in particular is named as such to avoid confusing with the trademark. The first DMCA (and the only one sent to github) was 2014-02-12 (followed by four counter notices bringing some of those back up). There's another letter, non-DMCA, documented in Chat-API's repo, 2015-07-11. The original WhatsAPI repo has one from 2015-05-03, citing that as the reason they give up. But Chat-API and whatsapp-purple gave up in 2016 (because spammers, and i think the depressing issue trackers didn't help). Yowsup is technically not dead but still implements the older protocol, and I don't see a lot of motivation to implement the new one.

I didn't intend to say WA 2.0 is the reason they gave up - only that it's a significant refactor and you can't do changes that big in projects you hate.

I'm still impressed at how far they got with axolotl support, but if that was intended to stop the account bans it didn't seem to help.

[baptx]

Would it be possible to create a script that will replace the Android app so we don't need to use it with WhatsApp Web? I created an issue on yowsup but it could be a separate project also: https://github.com/tgalal/yowsup/issues/3084

[bodqhrohro]

@baptx good news: looks like WhatsApp is beta-testing a support for independent secondary clients, like in Viber, which does not require to run the primary client all the time, only to register.

I didn't dive into technical details yet though, probably this would involve a new much more complicated protocol version.