Skip to Content

How does WhatsApp work step by step?

WhatsApp is one of the most popular messaging apps in the world, with over 2 billion users. But how exactly does it work behind the scenes? In this comprehensive guide, we will walk through step-by-step how WhatsApp’s features and infrastructure come together to enable seamless messaging and calling.

The Basics of WhatsApp

WhatsApp is a cross-platform centralized messaging and voice over IP (VoIP) service owned by Meta (formerly Facebook). It allows users to send text messages, audio messages, videos, documents and make voice and video calls over the internet.

Some key features of WhatsApp include:

  • End-to-end encryption for messages, calls, photos, videos, documents, etc.
  • Group chats with up to 256 participants
  • Ability to send messages internationally without extra charges
  • Media sharing (photos, videos, GIFs, documents)
  • Voice and video calls
  • Statuses and stories
  • Supports Android, iOS, Windows Phone, Nokia S40 and S60, and Blackberry smartphones

WhatsApp uses an internet connection on smartphones to send messages, make calls, share media and more between users. It works on both WiFi and mobile data connections. Next let’s look at how WhatsApp verifies users and establishes connections between them.

User Verification

When a user first signs up for WhatsApp, the app verifies the phone number entered in a few ways:

  1. It checks if the phone number format is valid and can receive SMS or calls.
  2. It sends an SMS to the user containing a six digit verification code.
  3. It requires the user to enter this SMS verification code to activate their account.

This verification process confirms that the user has access to the phone number and helps prevent unauthorized people from registering with other people’s phone numbers.

Contact Discovery

Once verified, WhatsApp accesses the user’s local phone contacts and checks if any of those contacts also have WhatsApp. If there are matches, it will display them in the app, allowing users to immediately begin messaging those contacts already on WhatsApp.

WhatsApp asks for permission to access contacts and periodically matches them to check for new contacts using WhatsApp. Users can also manually invite their contacts to download and use WhatsApp if they can’t immediately find them.

End-to-end Encryption

All messages, calls, media, etc. sent between users on WhatsApp are end-to-end encrypted by default. This means only the sender and recipient can read or listen to them, not anyone in between.

WhatsApp implements the Signal Protocol designed by Open Whisper Systems for end-to-end encryption. Some key aspects of how this works:

  • Each user has a unique security key that is stored only on their device.
  • Messages are encrypted on the sender’s device using the recipient’s security key.
  • The encrypted message can only be decrypted on the recipient’s device using their security key.
  • Even WhatsApp servers cannot access the encrypted message content.

This prevents third parties from accessing or listening to messages as they are transmitted over the internet. WhatsApp servers only see encrypted blobs of data, keeping user communications secure.

Texting

The process of sending and receiving text messages on WhatsApp takes the following steps:

  1. Sender types and sends a message to a recipient (or group).
  2. The message is encrypted on the sender’s device and sent to the nearest WhatsApp server.
  3. WhatsApp server forwards the encrypted message to the recipient’s device.
  4. Recipient’s device decrypts the message using their security key.
  5. Recipient sees the decrypted message content and can reply.

A double check mark next to a message indicates the recipient has successfully received and read the message. The process is complete when the recipient replies and the cycle continues.

Media Sharing

WhatsApp also supports sharing photos, videos, GIFs, documents and voice messages. The media transfer process works like this:

  1. Sender selects media file on device to share.
  2. Media file is compressed and encrypted on device.
  3. Encrypted media file sent to nearest WhatsApp server.
  4. WhatsApp server transfers file to recipient’s device.
  5. Recipient device decrypts and decompresses media file.
  6. Recipient views and receives shared media file.

File compression and encryption protects the media in transit between devices. Shared media is not stored encrypted on WhatsApp servers but exists in decrypted form on user devices.

Group Chats

Group chats on WhatsApp work by:

  1. Group admin creates a group and adds participants.
  2. Any new messages are encrypted and sent to all group participants using their security keys.
  3. Participants receive and decrypt the messages on their devices.
  4. Any replies are encrypted and forwarded to all participants again.

This continues in an endless cycle as members communicate in groups. Admins can add or remove people and control settings.

Voice and Video Calls

WhatsApp also supports making voice and video calls via end-to-end encryption:

  1. Caller initiates a call request to the recipient.
  2. Request is routed through WhatsApp servers to the recipient.
  3. Recipient accepts the call request.
  4. A peer-to-peer encrypted call is established.
  5. Encrypted packets of audio/video are routed between devices.
  6. Real-time decoding and playing of streaming data.
  7. Call ends when either side hangs up.

Routing the call setup via WhatsApp servers helps establish the peer-to-peer call between devices. The actual call content itself is encrypted end-to-end and streamed directly between the parties.

User Profiles

WhatsApp has basic user profile features like profile pictures, statuses, and about info. Here is how profile management works:

  • Users upload a profile photo which is encrypted and stored on WhatsApp servers.
  • This photo is downloaded and decrypted by the user’s contacts when viewing their profile.
  • Statuses automatically expire after 24 hours. User stories expire after 24 hours.
  • About info is stored encrypted on WhatsApp servers and decrypted when profile is viewed.

Profile photos and information is secured against unauthorized access on WhatsApp servers. Other users only access what is shared by the profile owner.

Backups

WhatsApp provides backups of messages and media to Google Drive or iCloud. The backup process works like this:

  1. User enables backups to Google Drive or iCloud.
  2. Latest messages, media files, etc. are compressed and encrypted.
  3. The encrypted backup file is sent to cloud storage.
  4. When restoring, backup file is retrieved, decrypted and restored.

Backups allow restoring message history when reinstalling WhatsApp or getting a new device. Encryption protects privacy but files exist decrypted in cloud storage.

Deleting Messages

When a user deletes messages or media on WhatsApp, it is deleted from their own device only. As WhatsApp is end-to-end encrypted, the platform itself cannot delete messages from recipients’ devices.

So deleting only removes messages from the sender’s device if done after sending. Recipients must manually delete their copy of the message. Backups may still retain deleted messages until overwritten.

Delivery Confirmations

WhatsApp shows delivery confirmations when messages and media are received by the recipient’s device:

  • Single check – Message sent from sender’s device.
  • Double check – Message delivered to recipient’s device.
  • Blue checks – Recipient has read the message.

This provides visual confirmation that the encrypted transmission between devices succeeded. It does not indicate the recipient has actually read the message content.

Storage and Infrastructure

WhatsApp leverages Facebook’s global infrastructure and network of data centers to deliver its service worldwide. Here are some key infrastructure components:

  • Application servers – Manage API calls, account creation, key exchanges, notifications.
  • Messaging servers – Route and transmit encrypted messages between users.
  • Media servers – Store encrypted media before transmission.
  • Database servers – Store user account data and metadata.
  • Web servers – Serve WhatsApp Web client and traffic.
  • Load balancers – Distribute workloads across data centers.

WhatsApp follows a microservices architecture with individual components handling discrete functions. This provides flexibility to scale specific services independently.

Reliability

WhatsApp utilizes various methods to ensure reliable messaging between over 2 billion users globally:

  • Redundant servers and data centers prevent single points of failure.
  • Consistent server monitoring to rapidly detect and resolve issues.
  • Auto-retry of failed message deliveries using exponential backoff.
  • Acknowledgement messages and delivery confirmations.
  • Offline message queuing when devices temporarily disconnect.

These approaches maximize uptime and ensure users can depend on WhatsApp for secure messaging and calls worldwide.

Privacy

WhatsApp implements several measures to protect user privacy beyond just end-to-end encryption:

  • No third-party ad trackers or analytics scripts on app or web client.
  • Minimal metadata, analytics and usage data collected.
  • Manual user reporting required for bulk messaging.
  • Communications hidden from carrier networks.
  • No reading or listening to message contents by WhatsApp.

While WhatsApp does collect some data for operations, user communications via the platform remain private and anonymous to external parties.

Multi-device Support

WhatsApp recently introduced native multi-device capability allowing use on up to 4 linked devices simultaneously:

  • Primary device initiates multi-device setup, becomes index.
  • Encryption keys synced securely from main device to linked devices.
  • Messages synced across devices but stored locally when encrypted.
  • Index device must connect online at least once every 60 days.

Multi-device enhances convenience but maintains the end-to-end encryption of chat databases on all synced devices.

Conclusion

In summary, WhatsApp provides a robust, end-to-end encrypted messaging service by:

  • Verifying users with SMS confirmation codes.
  • Discovering contacts automatically using phone number matching.
  • Encrypting all messages, media, calls and data in transit between devices.
  • Facilitating communications via an efficient globally distributed infrastructure.
  • Delivering reliability through redundancy, monitoring and retries.
  • Enforcing privacy protections beyond just encryption.
  • Expanding to multiple devices while maintaining message security.

Following these essential principles and processes, WhatsApp has become one of the most trusted, private and dependable messaging platforms worldwide with over 2 billion users.