WhatsApp is rolling out a new privacy feature that helps Android and iOS users hide their location during calls by relaying the connection through WhatsApp servers.
As the company’s engineering team explained today, the users’ location is hidden from other call participants by switching from the standard peer-to-peer direct connection between callers using the company’s servers to obfuscate IP address metadata that could contain information on the users’ internet service provider or broad geographical location.
However, while the calls are proxied through WhatsApp’s servers to make it harder to infer location information, it says that it cannot listen in as all calls are end-to-end encrypted. The company says in a separate support document that group calls are always relayed through its servers by default.
“Most calling products people use today have peer-to-peer connections between participants. This direct connection allows for faster data transfers and better call quality, but it also means that participants need to know each other’s IP addresses so that call data packets can be delivered to the correct device – meaning that the IP addresses are visible to both callers on a 1:1 call,” WhatsApp engineers explained.
With the new “Protect IP Address in Calls” feature enabled, “all your calls will be relayed through WhatsApp’s servers, ensuring that other parties in the call cannot see your IP address and subsequently deduce your general geographical location. This new feature provides an additional layer of privacy and security particularly geared towards our most privacy-conscious users.”
The new feature can be enabled on iOS and Android devices by toggling the “Protect IP Address in Calls” option under Settings > Privacy > Advanced.
This is part of a broader effort to boost WhatsApp users’ privacy, with the company introducing in June 2023 a Silence Unknown Callers setting that screens out calls automatically if they’re from unknown contacts.
These blocked calls will not trigger the phone’s ringer but will appear in the call list, providing visibility if they’re from someone important and were mistakenly tagged as suspicious.
Once enabled, the silence unknown callers feature aims to drastically minimize the attack surface and block spam and scam calls, as well as ‘zero-click’ attacks that take advantage of the automatic processing of incoming packets from callers.
To detect when calls should be silenced without user interaction, WhatsApp uses privacy tokens distributed between local clients. “Next, the server checks the token’s validity along with a few other factors to determine if the intended recipient allows this sender to ring them,” WhatsApp said.
As part of the same effort, in May, WhatsApp added Chat Lock, another privacy feature enabling users to block others from accessing their most private conversations.
“WhatsApp built and launched ‘Silence Unknown Callers’ and ‘Protect IP Address in Calls’ this year as part of our ongoing comprehensive work to keep users safe,” the company said.
“These features respect and improve user privacy while also reducing the effectiveness of real-world attacks.”