WhatsApp login OTP messages may soon be a thing of the past, or at least optionally. According to a new post by WABetaInfo, WhatsApp is testing a new feature called ‘flash call’, and its only purpose will be to verify the authenticity of a user’s attempt to login to WhatsApp by replacing the conventional one-time password (OTP). The flash call will require a user to give WhatsApp access to their phone dialler, as well as their call list. The feature will be clearly optional, but given that the WhatsApp login flash call may be perceived as a more secure option, the app’s Android users may soon receive it on their stable app.
In beta at the moment, the WhatsApp flash call feature will require users to give the above mentioned permissions to the app. Once the permissions are granted, an automated WhatsApp server call will be made to the user’s phone number, and automatically disconnected as well. By doing this, WhatsApp will bypass the need for users to enter a login OTP manually into the app when they attempt to login – a notorious stage that many scammers have been targeting in recent times. A recent hack had even showed that a hacker may brute force a login attempt to block OTP access for the actual user, and then work around to steal their accounts.
According to the beta report, the feature is only being worked on right now, and WhatsApp is looking for the best way to pitch it to users. The WhatsApp automatic verification call screen revealed in the beta update report at the moment shows the app describing why it needs the permissions, with a single-line promise that WhatsApp will only access the call log and dialler once, and not after that. The screen will also link users to a page describing the verifying with call process in more detail.
However, even if it debuts for Android, iOS users will not get access to the feature. Apple does not offer an API that gives any app access to a user’s dialler and call list, which means that all iPhone users will continue to rely on OTPs for logging in to WhatsApp. The calling service should help the app deal with scammers, since it bypasses all manual inputs and therefore gives no way for attackers to attempt a forced takeover of a user’s account.