ioswhatsapppushkit

How does the WhatsApp web client still work with the latest iOS update (SDK version 13.0+)?


Dark mode support was added to version 2.20.31 (released in March of 2020) of the WhatsApp client. This is an iOS 13-only feature, and from the look & feel it appears to be a fully native implementation. I think it is safe to assume that the app is now being compiled with iOS SDK 13.0 or above.

The thing is, as of iOS 13, Apple now requires the native call screen to be shown whenever a VoIP notification is received - otherwise, the app will not receive any further VoIP notifications. In previous version of iOS, some apps (including WhatsApp) appear to use "fake" incoming VoIP calls to silently wake up the app in background when the user attempted to use the web client, so that the latter could then connect and exchange data directly with the phone.

However, as of the latest version, the web client still appears to work as it did before despite the restriction introduced by Apple. Using a debugger it is possible to observe the iOS app waking up whenever the user opens the web client on a PC, but no call screens are ever shown. This can be done repeatedly and as often as we want.

The logs from WhatsApp seems to confirm what is written above:

default 17:09:44.515731+0000    callservicesd   Call source <CXXPCCallSource 0x111ecb0a0 identifier=UKFA9XBX6K.net.whatsapp.WhatsApp isConnected=1 processIdentifier=417 isPermittedToUsePublicAPI=1 isPermittedToUsePrivateAPI=0> registered with configuration <CXProviderConfiguration 0x111e9bb40 localizedName=‎WhatsApp ringtoneSoundURL=(null) iconTemplateImageData=0x0 maximumCallGroups=1 maximumCallsPerCallGroup=1 supportsAudioOnly=1 supportsVideo=1 supportsEmergency=0 supportsVoicemail=0 supportsCurrentPlatform=1 includesCallsInRecents=1 audioSessionID=1151157 supportedHandleTypes=2>

If we try to do this with our app, the results are quite different:

error   18:56:19.949023+0000    callservicesd   Killing VoIP app com.xxxxx.xxxxx.xxxxx because it failed to post an incoming call in time.

Any idea what's going on here? Is WhatsApp using any sort of undocumented workaround or exploiting some sort of private API?


Solution

  • This is WhatsApp latest entitlements file:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.developer.icloud-container-identifiers</key>
        <array>
            <string>57T9237FN3.net.whatsapp.WhatsApp</string>
        </array>
        <key>com.apple.developer.pushkit.unrestricted-voip</key>
        <true/>
        <key>com.apple.developer.ubiquity-container-identifiers</key>
        <array>
            <string>57T9237FN3.net.whatsapp.WhatsApp</string>
        </array>
        <key>application-identifier</key>
        <string>UKFA9XBX6K.net.whatsapp.WhatsApp</string>
        <key>com.apple.developer.carplay-messaging</key>
        <true/>
        <key>aps-environment</key>
        <string>production</string>
        <key>com.apple.developer.icloud-container-environment</key>
        <string>Production</string>
        <key>com.apple.developer.associated-domains</key>
        <array>
            <string>applinks:api.whatsapp.com</string>
            <string>applinks:v.whatsapp.com</string>
            <string>applinks:chat.whatsapp.com</string>
            <string>applinks:wa.me</string>
        </array>
        <key>com.apple.developer.siri</key>
        <true/>
        <key>com.apple.developer.team-identifier</key>
        <string>57T9237FN3</string>
        <key>com.apple.developer.icloud-services</key>
        <array>
            <string>CloudDocuments</string>
            <string>CloudKit</string>
        </array>
        <key>com.apple.security.application-groups</key>
        <array>
            <string>group.net.whatsapp.WhatsApp.shared</string>
            <string>group.com.facebook.family</string>
            <string>group.net.whatsapp.WhatsApp.private</string>
            <string>group.net.whatsapp.WhatsAppSMB.shared</string>
            <string>group.net.whatsapp.family</string>
        </array>
    </dict>
    </plist>
    

    This specific entitlement seems to be the reason that they are allowed to not report an incoming call:

    com.apple.developer.pushkit.unrestricted-voip

    I can't find any documentation regarding this entitlement, so I'm pretty sure they have been given a special permission by Apple.