Cloud App Control - whatsapp web

Zscaler Cloud App Control Policy on “chatting and block file transfer”
does not have “WhatsApp web” application . Is there a reason that “WhatsApp web” is not in the list ?
application list :
• AIM Express
• eBuddy - Web IM
• Facebook - Web IM
• Google Talk
• ILoveIM - Web IM
• IM+ - Web IM
• IMO - Web IM
• Meebo - Web IM
• Mibbit - Web IRC
• MSN Web Messenger
• QQ - Web IM
• Yahoo Web Messenger

Can “WhatsApp web” SSL traffic be inspected by ZIA ?

1 Like

I wouldn’t know why not, as long as you have SSL interception active it should work. If you want to block it completely, why not block the Whatsapp URL?

1 Like

I want to allow chatting on WhatsApp web application and block file transfer like “QQ - Web IM” application on Zscaler .

I guess if you have DLP licensed this should be possible, because there you can limit where files can be uploaded. But why WhatsApp in particular? There are thousands and thousands of paths to get data out…?

1 Like

WhatsApp is end-to-end encrypted, which means that even if we do SSL inspection we won’t be able to see the content of a message. Applying Security or DLP policies is impossible because of this. With WhatsApp, wither you allow it or you block it.

More details on how WhatsApp implements end-to-end encryption are here: https://scontent.whatsapp.net/v/t61/68135620_760356657751682_6212997528851833559_n.pdf/WhatsApp-Security-Whitepaper.pdf?_nc_sid=41cc27&_nc_ohc=V1GXSLSXuXEAX8AgKph&_nc_ht=scontent.whatsapp.net&oh=87bb2899b94ae4d1ea6216bec041f8f7&oe=5E69F5E5

Hopefully, in the future, WhatsApp will give the possibility to Corporates to look into its traffic for their own employees, making WhatsApp a candidate for messaging within corporates.

2 Likes