14 comments on “What’s up with WhatsApp and WebRTC?

  1. These articles are GREAT. Fantastic info and totally appreciate the thoughtfulness / thoroughness of your analysis.

  2. I’m curious about the assertion that WhatsApp uses SDES, yet also interops with Firefox — Firefox never implemented SDES. The only way to exchange media at all with Firefox’s WebRTC implementation is using DTLS-SRTP.

  3. Just love they way they handled most visible problem of WebRTC. Also their approach to anchor media first and p2p later means they already have very big infra which they can leverage further for multi-party conf.
    Very recently I worked for one Communication giant who is changing their legacy feature server to work in this way but in legacy protocols. They otherwise use to host media all the time. Can you believe it ?
    I certainly think Whatsapp has done great job in identifying right implementation and now they should API their offering for wide adoption/customization etc.

  4. The codec priority is Opus > AMR > PCMU, but I don’t know what could prevent Opus from being used.

    How did you test silence? Maybe it was still sending noise, comfort of otherwise? Did it sound fully muted on the other side?

  5. Hi, great article!! I’ve did some tests myself with the WhatsApp call feature, but from a signalling perspective. Using the node-whatsapi project, which implements the WhatsApp protocol for NodeJS, I was able to make a trace of an incoming call from an Android WhatsApp client. See the trace here: https://gist.github.com/tvandergeer/ecc1380641801d4c7c0f (obfuscated some privacy details)

    Some conclusions/assumptions from this:
    * They use the OPUS codec
    * Several relays are tested for their latency. And then it most likely picks the one with the least latency
    * The srtp tag indicates that SRTP is being used using a pre-shared key (192 bits) => SDES?
    * Based on the presence of the p2p tag I assume that it will also attempt to connect the media directly besides using a relay

    Disclaimer: I’m a contributor to the node-whatsapi project

    • Tom,

      just noticed this. I have been pondering whether to do a MITM attack on the signaling channel to find an answer but estimated it would have taken days.

      Thank you! It’s good to know for sure.

  6. Hi all
    I’m a student and I do not have knowledge in this matter (WebRTC) but I would like to learn about it.
    So sorry if my question is no proper or idiot, but I would like to know: IS whatsapp using WebRTC or not, IMHO reading this great article I could see that Whatsapp use some elemnents of WebRTC.
    So someone here could help, and give me an answer?
    Thank you very much for your attention and time.
    Jose M Pinto

    • Hi Jose,

      it would not have classified as WebRTC back in 2015, mostly because of the lack of DTLS for encryption and STUN. I’ve never had the time to look in detail at the changes they did for video calling though.

      • I was asked this same question recently and here is how I responded:
        WhatsApp uses WebRTC’s getUserMedia on its web interface (https://web.whatsapp.com/). Their native OSX appears to be based on Electron and looks to use the same.

        We have not analyzed their new video calling functionality. I just did some quick scans and there is some evidence that they might at least use pieces of WebRTC for that (they include the WebRTC open source software notice). More analysis would be required to confirm how it is used.

        Whatsapp main voice calling functionality is not based on WebRTC, but Fippo’s analysis showed they did use some pieces of the WebRTC library.

  7. Pingback: How to Create a Chat & Messaging App like WhatsApp - Tehapps

  8. Hello

    Do you have any new findings regarding the most recent changes of WhatsApp, how it’s uses encryption XMPP or TLS. Your 2015 posting was very interesting, however I am looking for something more recent. Thank you.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.