Affiliate Disclosure: By buying the products we recommend, you help keep the lights on at MakeUseOf. Read more.
WhatsApp, the Facebook-owned messaging platform, is one of the world’s most popular messaging apps. It is estimated that over one billion people use the app, sending over 65 billion messages per day.
It’s no surprise then that security concerns, malware threats, and spam have begun to appear. Here’s everything you need to know about WhatsApp’s security issues.
1. WhatsApp Web Malware
WhatsApp’s enormous user base make it an obvious target for cybercriminals, many of which center around WhatsApp Web. For years, WhatsApp has allowed you to open a website, or download a desktop app, scan a code with the app on your phone, and use WhatsApp on your computer.
The app store on your phone—the App Store on iOS and Google Play on Android—are more carefully regulated than the internet at large. When you search for WhatsApp on those stores, it’s generally clear which app is the official one. That isn’t true of the wider internet.
Criminals, hackers, and scammers have all taken advantage of this. There have been instances of attackers passing off malicious software as WhatsApp desktop applications. If you are unfortunate enough to have downloaded one of these, the installation can distribute malware or otherwise compromise your computer.
In some cases, hackers were able to install spyware due to a WhatsApp vulnerability.
Others tried a different approach, creating phishing websites to trick you into handing over personal information. Some of these websites masquerade as WhatsApp Web, asking for you to enter your phone number to connect to the service. However, they actually use that number to bombard you with spam or correlate with other leaked or hacked data on the internet.
To be on the safe side, the best way to stay secure is to use only apps and services from official sources. WhatsApp offers a web client for you to use on any computer, known as WhatsApp Web. There are also official apps for Android, iPhone, macOS, and Windows devices.
2. Unencrypted Backups
The messages you send on WhatsApp are end-to-end encrypted. This means that only your device, and that of the recipient, can decode them. The feature prevents your messages from being intercepted during transmission, even by Facebook themselves. However, this doesn’t secure them once they are decrypted on your device.
WhatsApp allows you to back up your messages and media on Android and iOS. This is an essential feature as it allows you to recover accidentally deleted WhatsApp messages. There is a local backup on your device in addition to a cloud-based backup. On Android, you can back up your WhatsApp data to Google Drive. If you are using an iPhone, then your backup destination is iCloud. These backups contain the decrypted messages from your device.
The backup file stored on iCloud or Google Drive is not encrypted. As this file contains decrypted versions of all your messages, it is theoretically vulnerable and undermines WhatsApp’s end-to-end encryption.
As you have no choice in backup location, you are at the mercy of the cloud providers to keep your data secure. Although no large-scale hacks have affected iCloud or Google Drive to date, that doesn’t mean that it isn’t possible. There are other means that attackers could use to gain access to your cloud storage accounts too.
One of the supposed benefits of encryption is, for better or worse, being able to prevent government and law enforcement from accessing your data. As the unencrypted backup is stored on one of two U.S.-based cloud storage providers, all it would take is a warrant, and they would have unfettered access to your messages. If you do choose to back up your WhatsApp data to the cloud, it largely undermines the service’s end-to-end encryption.
3. Facebook Data Sharing
Facebook has been the subject of much criticism in recent years. One of those criticisms is of Facebook’s effective market monopoly and anti-competitive actions. Regulators attempt to minimize anti-competitive behavior by evaluating any takeover attempts.
So, when Facebook decided that it wanted to add WhatsApp to the ‘Facebook Family,’ the European Union (EU) only approved the deal after Facebook assured them that the two companies, and their data, would be kept separate.
They also stated that none of your information would publicly visible on Facebook, implying that it would instead be hidden in Facebook’s inaccessible profile of you. Following the backlash to this announcement, WhatsApp allowed users to opt-out of this data sharing arrangement. However, in the intervening years, they quietly removed this option.
This is likely in preparation for Facebook’s future plans. According to a January 2019 report in the New York Times, Facebook is starting to create one unified infrastructure for all of their messaging platforms. This would incorporate Facebook, Instagram, and WhatsApp. So, while each service would continue as a standalone app, the messages would all be sent on the same network.
4. Hoaxes and Fake News
In recent years, social media companies have been criticized for allowing fake news and misinformation to spread on their platforms. Facebook, in particular, has been condemned for its role in spreading misinformation throughout the 2016 U.S. Presidential campaign. WhatsApp has also been subject to those same forces.
Two of the most notable cases have been in India and Brazil. WhatsApp was implicated in the widespread violence that occurred in India during 2017 and 2018. Messages containing details of fabricated child abductions were forwarded and spread across the platform, customized with local information. These messages were widely shared across people’s networks and resulted in the lynching of those accused of these fake crimes.
In Brazil, WhatsApp was the primary source of fake news throughout the 2018 elections. As this kind of misinformation was so easy to spread, business people in Brazil set up companies that created illegal WhatsApp misinformation campaigns against candidates. They were able to do this as your phone number is your username on WhatsApp, so they purchased lists of phone numbers to target.
Both issues were ongoing through 2018, a year that was infamously terrible for Facebook. Digital misinformation is a difficult problem to deal with, but many viewed WhatsApp’s response to these events as apathetic.
However, the company did implement a few changes. WhatsApp put limits on forwarding so you can only forward to five groups, rather than the previous limit of 250. The company also removed the forwarding shortcut button in a number of regions too.
5. WhatsApp Status
For many years, WhatsApp’s status feature, a brief line of text, was the only way for you to broadcast what you were doing at the time. This morphed into WhatsApp Status, a clone of the popular Instagram Stories feature.
Instagram is a platform that is designed to be public, although you can make your profile private if you choose. WhatsApp, on the other hand, is a more intimate service, used for communicating with friends and family. So, you may assume that sharing a Status on WhatsApp is private too.
However, that isn’t the case. Anyone in your WhatsApp contacts can view your Status. Fortunately, it is quite easy to control who you share your Status with.
Navigate to Settings > Account > Privacy > Status and you’ll be shown three privacy choices for your Status updates:
- My contacts
- My contacts except…
- Only share with…
Despite this simplicity, WhatsApp doesn’t make it clear if your blocked contacts can view your Status. However, the company has done the sensible thing, and your blocked contacts are unable to view your Status regardless of your privacy settings. As with Instagram Stories, any videos and photos added to your Status will disappear after 24 hours.
Is WhatsApp Safe?
Now, is WhatsApp safe to use? WhatsApp is a confusing platform. On the one hand, the company implemented end-to-end encryption in one of the world’s most popular apps; a definite security upside. However, there are many WhatsApp security concerns. One of the primary issues is that it is owned by Facebook, and suffers many of the same privacy dangers and misinformation campaigns as their parent company.
If these reasons, along with media file jacking on Android, challenge your messaging app allegiance, there are WhatsApp alternatives that guard your privacy. However, if you decide to stick with WhatsApp, check out these tips to chat efficiently on WhatsApp Desktop.