How does WhatsApp identify a specific user in order to forward the messages to him?
Here is what I did:
- I backed up my iOS App from my old device
- Restored the backup to the new device
- Opened WhatsApp on new device
And it works without any need for SMS verification for new device.
So that's telling me WhatsApp does one of two things:
- WhatsApp embeds your phone number during verification process into the app itself
- WhatsApp embeds the verification code you get via SMS into the app itself and uses that as identifier to that phone number
The first method is stupid if it's true, because any smart guy can reverse engineering and modify WhatsApp code and embed any phone number he want to hack.
The second method seems smart since no one knows the SMS code except you, but this isn't secure either, because government or anyone who has a connection, for example, would have no problem getting all incoming SMS message for any phone and from there they can reverse engineer WhatsApp app and embed that as well.