WhatsApp is one of the most popular instant messaging apps for mobile devices today. It’s widely used together with the Facebook Messenger, Google Messenger, Viber, and SnapChat among others. While each of this app has a certain fan base, together they make up for most of the mobile market that now prefer instant messaging over text messaging. It’s definitely cheaper, more convenient, and even more fun to use.
However, there is still the problem of security and privacy for most apps in the Android market. A recent leak had us rethinking about how we use instant messaging apps, specifically WhatsApp. Over at Reddit, someone shared a privacy setting issue that could still be abused, thanks to a tool called ‘WhatsSpy-PublicSign’. I don’t personally use WhatsApp even though I have an account but as with any security issue, we’re all interested to know what’s really happening.
Redditor ilovealaska started a thread by saying the “lastseen” privacy setting of WhatsApp can be abused as showed by WhatsSpy Public. Checking on the said tool, this app can track the movements of anyone you want to follow on WhatsApp. Just knowing their phone number is enough to obtain information that should not be gathered. This web-based app is said be setup as a Proof of Concept that WhatsApp isn’t safe because this particular tool tracks a number of activities including profile photos, status messages, privacy settings, and online or offline status.
According to developer Maikel Zweerink, he did this project to let people know how broken and messed up WhatsApp’s privacy options are. Learning about this is actually scary especially for those avid WhatsApp users. Some redditors already warned other users to stay away from WhatsApp for now until an official fix is available. That seems like a sound warning but it’s not that easy to follow especially in countries like Germany where 80% of the people use WhatsApp regularly. Perhaps this warning will benefit those who send intimate and not so innocent messages, images, and even emails.
WhatsApp developers may have thought about security, encryption/decryption, and password management but it’s obvious there really is a problem here. The Reddit thread even went longer because a number of people have already shared similar experiences. Let’s wait and see how WhatsApp will respond to this issue.
Due to privacy concerns, I switched to Threema a long time ago, but I never imagined that WhatsApp could be that insecure!