I could never have designed WhatsApp
I finished a project with a wonderful group of people, and part of that involved working directly with WhatsApp—unofficially, though—and through that, I think I’ve gotten a good idea of how it works (I could tell from metrics when their daily deployments happened… if that’s enough confidence). The design is brilliant and stupid all at once… but importantly, it’s not something I would have designed; so I thought it might be nice to share how I think it works.
Before we start, to be clear: I have no proof of this (except for a few thousand hours of working on it), and I’ve never spoken to anyone from Meta… this could all be wrong.
# Getting to the first tick
Let’s say Alice is sending a message to Bob. The message goes from her device to the WhatsApp server, where the metadata on the message is checked, and ultimately, the message is stored on their server. The message itself is encrypted—so if you could access the database of messages, that would be useless as only Bob can decrypt it. But the metadata is not encrypted. This does include information like:
- Who is involved in the conversation
- Message type (e.g., image, voice note, edit, or just a text message)
- Version info (and you can get rejected for incorrect version info).
This (I assume) is stored encrypted at rest on WhatsApp’s side, but if you could use their tools, it would be available to you.
# The second tick
WhatsApp now uses the established connection with Bob’s device and pushes the message to the device. The message and any attachments are now on the device, which responds to WhatsApp and initiates sending the second tick to Alice. At this point, WhatsApp removes the message from their servers.
This is why you cannot restore your messages from WhatsApp unless you have a backup—they do not keep them. This is so brilliant because it lowers disk space usage on the WhatsApp side and reduces the risk of a breach or someone asking WhatsApp for messages—because they don’t have them.
# WhatsApp Web can restore your messages
If you’ve ever used WhatsApp Web, you know that when you connect, you see all your existing conversations and messages—live info! Yet, I just told you that WhatsApp doesn’t have this info on their servers… so where does it come from?
They come from the device!
This blew my mind, but when WhatsApp Web starts, it uses the WhatsApp servers to establish a proxy connection to the device. The device then exports the data, and WhatsApp Web imports it—that’s how you get the data. (I also think Signal works the same way, because if you run a transfer to a new device, it needs to connect to the original device to ingest the messages.)
What surprised me—and is the stupidest thing—is that the export format for Android and iOS is different! In other words, what you get (and how many messages) depends on your device and the version of WhatsApp you have on it. This means WhatsApp Web needs to support multiple import formats because there’s no standardization.
Once the import is done, the source device can be turned off, and everything will still be available—which tells us that WhatsApp Web is storing all your messages in your browser (likely encrypted at rest).
# End-to-End Encryption
One of the most common questions I got when I talked about my work was: “Isn’t WhatsApp end-to-end encrypted?” And it is.
There’s transport-level encryption—like TLS in your browser—and the message is encrypted in a way that only the recipient can decrypt. But once the message is delivered, it’s in plain text for a bit while it’s shown to the reader. It’s also encrypted for storage in a way that only the recipient can decrypt.
This means end-to-end encryption prevents a man-in-the-middle attack but does not prevent a man-at-the-end attack. A man-at-the-end scenario happens when you either:
- Do something that works directly with the WhatsApp app (e.g., accessibility tools)
- Build your own WhatsApp client, which lets you do anything you want.
# FAQ
How does this work with multiple devices? WhatsApp stores the message on the server until it’s delivered to all devices. This is likely why there’s a limit on how many connected devices you can have at once (5 at the time of writing). If you add a sixth, one of the others will be disconnected.
Are groups any different? No, they’re not. Again, the message seems to remain on the WhatsApp server until each member of the group receives it.
Do messages ever die on the server? My gut says yes—there’s some wording in WhatsApp about logging in every 30 days, but I never tested this. It would make sense that they should expire.