Code Verify

Code Verify

An extension to verify the code running in your browser matches what was published.

What is Code Verify?

Code Verify is an Edge add-on by Facebook. This add-on has 89,723 weekly active users and an average user rating of 3.50. The latest version, 2.1.1, was updated 2 months ago.

Stats date:
Rating: 3.50 (2)
Version: 2.1.1 (Last updated: 2023-04-07)
Creation date: 2022-03-11
Manifest version: 3
  • webRequest
Host permissions:
  • https://*
  • *://**
  • *://**
  • *://**
Size: 91.91K
Risk impact: High risk impact
Risk likelihood: Moderate risk likelihood

Other platforms

Code Verify
Code Verify (v2.1.1)
23 17,761
Not available on Firefox
An extension to verify that the code running in your browser matches what was published.

The new Code Verify is an open-source browser extension that lets you verify the authenticity of the WhatsApp, Facebook, or Messenger client that you are being served when you use them on the web. Code Verify will immediately alert you if your web version is inauthentic or has been modified. 

Mobile phones have security verification protocols in place to ensure that the client you’re downloading is authentic and hasn’t been modified. Unfortunately, those assurances haven’t existed for web-based implementations of apps (those that run on web browsers). Code Verify was created as a solution. 

When people use messaging apps via the web, they’re being served Javascript rather than a binary application. This means it's technically possible to serve people a different experience than what they were expecting.

We know that bad actors may want to alter an app and distribute that app to unsuspecting targets. For example, a bad actor could serve someone a version that was created to spy on them – without them ever knowing the difference. 

Code Verify was designed with our most security-conscious users in mind —  those who might want additional peace of mind about their message security. Millions of people use WhatsApp, Facebook, and Messenger on the web each month, and this type of independent verification and redundancy (also known as binary transparency) on the web is a huge step forward for online privacy.
See more
User reviews
I think it is not working properly right now. I installed it both from Chrome web store and Microsoft Edge Add-ons store and it shows red alert in both. I also disabled all the other extentions in case they are interfering with this extension but no, it still shows the red alert. I also tried it on Chrome thinking it is browser specific problem but it is same there as well.
by Metin, 2022-03-12
View all user reviews
Risk impact

Code Verify requires a number of risky permissions that can potentially harm your browser and steal your data. Exercise caution when installing this add-on. Review carefully before installing. We recommend that you only install Code Verify if you trust the publisher.

Risk impact measures the level of extra permissions an extension has access to. A low risk impact extension cannot do much harms, whereas a high risk impact extension can do a lot of damage like stealing your password, bypass your security settings, and access your personal data. High risk impact extensions are not necessarily malicious. However, if they do turn malicious, they can be very harmful.

Risk likelihood

Code Verify is probably trust-worthy. Prefer other publishers if available. Exercise caution when installing this add-on.

Risk likelihood measures the probability that an Edge add-on may turn malicious. This is determined by the publisher and the Edge add-on reputation on Edge Add-on Store, the amount of time the Edge add-on has been around, and other signals about the Edge add-on. Our algorithms are not perfect, and are subject to change as we discover new ways to detect malicious extensions. We recommend that you always exercise caution when installing an Edge add-on, especially ones with higher risk impact and/or higher risk likelihood.

Subscribe to the premium plan to see more risk analysis details