Can I use the WhatsApp application with a ProxySG appliance?

book

Article ID: 167671

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

The following information is for the WhatsApp application and not the website version of WhatsApp. The website version should work with a proxy that is using SSL interception.

The WhatsApp application was not designed to work with a proxy. For more information on why the application does not work with a proxy, view the following WhatsApp FAQ article:

https://www.whatsapp.com/faq/iphone/22025683

WhatsApp changed to use end-to-end encryption and the ProxySG appliance does not support the end-to-end encryption because WhatsApp does not run on standard SSL traffic.
Please refer to the WhatsApp Security article which describes on security it used and as well on how the end-to-end encryption method works.

https://www.whatsapp.com/security/

Resolution

Although phones can be configured explicitly to use a proxy, WhatsApp does not use these settings and should be considered a transparent application only. Since that's the case, your only choice is to use Transparent Proxy to bypass WhatsApp traffic or configure the proxy to tunnel protocol errors.

 

 

 

Workaround

You can configure the ProxySG appliance to allow WhatsApp traffic to pass through the appliance. To configure the appliance to allow WhatsApp traffic to pass though:
  1. Create a service tunnel using TCP Tunnel on WhatsApp port 5222 and 5223
  2. Configure the service tunnel to bypass decryption by the ProxySG appliance.
Note: Configuring the service tunnel to bypass encryption allows you to see the amount of WhatsApp traffic flowing through the appliance, but the ProxySG appliance cannot decrypt this traffic.

Alternatively, you can configure your ProxySG appliance to automatically bypass the next connection when the first attempt to establish a connection fails. To automatically bypass the next connection, click Configuration > Proxy Settings > General and select the Tunnel on Protocol Error box.