WhatsApp security is a major concern. The messenger is often the target of scammers and hackers. Let's see how secure WhatsApp is.
WhatsApp, the messaging platform owned by Facebook, is one of the world's most popular messaging apps. More than one billion people use the app, sending over 65 billion messages a day.
The popularity of the application has attracted the attention of cybercriminals, which contributes to the emergence of security problems, malware and spam.
1. Malicious software for WhatsApp Web
WhatsApp's huge user base makes the app a prey for cybercriminals, many of whom target WhatsApp Web. WhatsApp users can open a website or download a desktop app, scan a code using an app on their phone, and use WhatsApp on a computer.
The app stores on your phone - the App Store on iOS or the Google Play Store on Android - are more heavily regulated than sites on the Internet. A user looking for WhatsApp in these stores immediately understands which application is the official one. Unfortunately, this is not the case on the Internet.
Cybercriminals create and distribute fake WhatsApp desktop applications that contain malware. By downloading a malicious application, the user puts his computer at risk.
In some cases, hackers manage to install WhatsApp spyware by exploiting an application vulnerability.
Another attacker approach is to create phishing websites to trick users into transmitting personal information. Phishing sites masquerading as WhatsApp Web ask users to provide their phone number to connect to the service. However, in fact, attackers will use the specified number to inundate you with spam, or to match with other leaked or compromised data on the Internet.
Therefore, the best way to protect yourself is to use applications and services only from official sources. WhatsApp offers a WhatsApp Web client for use on any computer. There are also official apps for Android, iPhone, macOS and Windows devices.
2. Unencrypted backups
Messages that the user sends to WhatsApp are end-to-end encrypted. Only the sender's device and the recipient's device can decode them. This feature prevents even Facebook from intercepting messages during transmission. However, messages are not secure at all once they are decrypted on the device.
WhatsApp allows you to back up messages and media files on Android and iOS. This feature is very important as it helps to recover accidentally deleted WhatsApp messages. In addition to the cloud backup, there is a local backup on the user's device. On Android, you can back up your WhatsApp data to Google Drive. When using an iPhone, the backup is stored in iCloud. These backups contain decrypted messages from your device.
The backup file stored in iCloud or Google Drive is not encrypted in any way. Since the file contains decrypted versions of all of the user's messages, it is theoretically vulnerable and undermines WhatsApp end-to-end encryption.
Since the user has no choice of where to store the backup and depends on the cloud service providers, data security can only be hoped for. While none of the large-scale hacks have affected iCloud or Google Drive to date, such a scenario is possible. Attackers have tools to gain access to cloud storage user accounts.
One of the purported benefits of encryption is the ability to prevent government and law enforcement from accessing user data. Since the unencrypted backup is held by one of two cloud storage providers in the United States, it is easy for law enforcement to have unrestricted access to a user's messages with a warrant.
3. Facebook data exchange
In recent years, Facebook has often been criticized for monopoly and anti-competitive practices. Regulators are trying to minimize the IT giant's anticompetitive behavior by carefully monitoring acquisitions.
So in 2014, when Facebook decided to take WhatsApp into the “Facebook family,” the European Union (EU) only approved the deal after promising Facebook that the data of the two companies would be kept separately.
It didn't take long for Facebook to get back on track. In 2016, WhatsApp updated its Privacy Policy and allowed the sharing of data from WhatsApp to Facebook. The phone number was transmitted, as well as data about the time of the last use of the service. WhatsApp messages may be compromised due to Facebook data transfer.
The tech giant has assured users that their data will not be publicly available on Facebook. The company will store them in an inaccessible and hidden Facebook profile. Over the years, Facebook has made changes to make it easier to share data and proposed a new Privacy Policy. However, users and regulators have actively resisted.
After the 2016 update, users could opt out of cross-platform data sharing on WhatsApp, but after a while, this option was quietly removed. Then, in 2019, Facebook announced plans to unify its messaging platforms. At the end of 2020, the first stages of this project were implemented - the company linked Messenger with Instagram Direct.
In January 2021, Facebook released a new data sharing policy for WhatsApp, according to which user information will be transferred between the messaging app and the social network. After numerous complaints from users, the company indicated that it would limit WhatsApp's capabilities for anyone who disagrees.
As of June 2021, Facebook has mitigated the punishment, although it continues to encourage users to agree to the new rules.
4. Deception and fake news
In recent years, social media companies have been criticized for spreading fake news and disinformation on their platforms. Facebook, in particular, has been accused of spreading disinformation during the 2020 US presidential campaign. WhatsApp has also come under similar attacks.
The two most notable cases occurred in India and Brazil. WhatsApp was implicated in massive violence that took place in India in 2017 and 2018. Messages containing fabricated details of child abductions were actively forwarded by users and widely disseminated across the platform. Fake messages provoked a wave of hatred and led to the lynching of the accused of fictitious crimes.
In Brazil, WhatsApp was the main source of fake news during the 2018 elections. Because disinformation spread very easily, Brazilian businessmen set up companies to conduct illegal disinformation on WhatsApp against candidates. Businessmen purchased lists of phone numbers and arranged targeted mailing lists.
Both issues happened in 2018, which is infamous for Facebook. Digital misinformation is a complex issue. However, many consider WhatsApp's reaction to be wrong and too indifferent.
After the incidents, the company made several changes. WhatsApp has set restrictions on forwarding. Now the user can forward messages to only five groups instead of the previous limit of 250. The company has also removed the shortcut button for forwarding in a number of regions.
Despite these fixes, in the early stages of the COVID-19 pandemic, WhatsApp was used to spread misinformation about the virus. In April 2020, quarantine measures were introduced worldwide. Frightened people tried to find information on the Internet.
Following the incident, Facebook re-imposed forwarding restrictions to prevent the dissemination of false or false information. Facebook also worked with authorities and healthcare organizations around the world to develop WhatsApp chatbots, providing people with reliable information about the pandemic.
Both scenarios - the political events of 2018 and the COVID-19 pandemic - were realized due to the same problems; false information is transmitted to several people at once. Given that Facebook allegedly solved this problem in 2018, it remains unclear why disinformation about the pandemic became possible at all. Maybe the shipping limits were quietly lifted or the 2018 fixes were ineffective.
5. WhatsApp status
For years, WhatsApp's status feature, a short line of text, has been the only way for users to communicate what you're doing right now. It then morphed into WhatsApp Status, a clone of the popular Instagram Stories feature.
Instagram is a platform for public use, of course you can make your profile private if you want. WhatsApp, in turn, is a more personal service used to communicate with friends and family. It is logical to assume that sharing a status on WhatsApp is also confidential.
However, in reality this is not the case. Any of the WhatsApp user's contacts can view their status. Fortunately, the user can easily control who they share their Status with.
Going to Settings> Account> Privacy> Status, you will see three privacy options for status updates:
Is WhatsApp safe?
So, is it safe to use WhatsApp? WhatsApp is a very confusing platform. On the one hand, the company has implemented end-to-end encryption in one of the most popular applications in the world, which is undoubtedly the potential for increased security.
However, there are many other security issues with WhatsApp. Since joining the Facebook family, WhatsApp suffers from the same privacy threats and disinformation campaigns as its parent company.
WhatsApp, the messaging platform owned by Facebook, is one of the world's most popular messaging apps. More than one billion people use the app, sending over 65 billion messages a day.
The popularity of the application has attracted the attention of cybercriminals, which contributes to the emergence of security problems, malware and spam.
1. Malicious software for WhatsApp Web
WhatsApp's huge user base makes the app a prey for cybercriminals, many of whom target WhatsApp Web. WhatsApp users can open a website or download a desktop app, scan a code using an app on their phone, and use WhatsApp on a computer.
The app stores on your phone - the App Store on iOS or the Google Play Store on Android - are more heavily regulated than sites on the Internet. A user looking for WhatsApp in these stores immediately understands which application is the official one. Unfortunately, this is not the case on the Internet.
Cybercriminals create and distribute fake WhatsApp desktop applications that contain malware. By downloading a malicious application, the user puts his computer at risk.
In some cases, hackers manage to install WhatsApp spyware by exploiting an application vulnerability.
Another attacker approach is to create phishing websites to trick users into transmitting personal information. Phishing sites masquerading as WhatsApp Web ask users to provide their phone number to connect to the service. However, in fact, attackers will use the specified number to inundate you with spam, or to match with other leaked or compromised data on the Internet.
Therefore, the best way to protect yourself is to use applications and services only from official sources. WhatsApp offers a WhatsApp Web client for use on any computer. There are also official apps for Android, iPhone, macOS and Windows devices.
2. Unencrypted backups
Messages that the user sends to WhatsApp are end-to-end encrypted. Only the sender's device and the recipient's device can decode them. This feature prevents even Facebook from intercepting messages during transmission. However, messages are not secure at all once they are decrypted on the device.
WhatsApp allows you to back up messages and media files on Android and iOS. This feature is very important as it helps to recover accidentally deleted WhatsApp messages. In addition to the cloud backup, there is a local backup on the user's device. On Android, you can back up your WhatsApp data to Google Drive. When using an iPhone, the backup is stored in iCloud. These backups contain decrypted messages from your device.
The backup file stored in iCloud or Google Drive is not encrypted in any way. Since the file contains decrypted versions of all of the user's messages, it is theoretically vulnerable and undermines WhatsApp end-to-end encryption.
Since the user has no choice of where to store the backup and depends on the cloud service providers, data security can only be hoped for. While none of the large-scale hacks have affected iCloud or Google Drive to date, such a scenario is possible. Attackers have tools to gain access to cloud storage user accounts.
One of the purported benefits of encryption is the ability to prevent government and law enforcement from accessing user data. Since the unencrypted backup is held by one of two cloud storage providers in the United States, it is easy for law enforcement to have unrestricted access to a user's messages with a warrant.
3. Facebook data exchange
In recent years, Facebook has often been criticized for monopoly and anti-competitive practices. Regulators are trying to minimize the IT giant's anticompetitive behavior by carefully monitoring acquisitions.
So in 2014, when Facebook decided to take WhatsApp into the “Facebook family,” the European Union (EU) only approved the deal after promising Facebook that the data of the two companies would be kept separately.
It didn't take long for Facebook to get back on track. In 2016, WhatsApp updated its Privacy Policy and allowed the sharing of data from WhatsApp to Facebook. The phone number was transmitted, as well as data about the time of the last use of the service. WhatsApp messages may be compromised due to Facebook data transfer.
The tech giant has assured users that their data will not be publicly available on Facebook. The company will store them in an inaccessible and hidden Facebook profile. Over the years, Facebook has made changes to make it easier to share data and proposed a new Privacy Policy. However, users and regulators have actively resisted.
After the 2016 update, users could opt out of cross-platform data sharing on WhatsApp, but after a while, this option was quietly removed. Then, in 2019, Facebook announced plans to unify its messaging platforms. At the end of 2020, the first stages of this project were implemented - the company linked Messenger with Instagram Direct.
In January 2021, Facebook released a new data sharing policy for WhatsApp, according to which user information will be transferred between the messaging app and the social network. After numerous complaints from users, the company indicated that it would limit WhatsApp's capabilities for anyone who disagrees.
As of June 2021, Facebook has mitigated the punishment, although it continues to encourage users to agree to the new rules.
4. Deception and fake news
In recent years, social media companies have been criticized for spreading fake news and disinformation on their platforms. Facebook, in particular, has been accused of spreading disinformation during the 2020 US presidential campaign. WhatsApp has also come under similar attacks.
The two most notable cases occurred in India and Brazil. WhatsApp was implicated in massive violence that took place in India in 2017 and 2018. Messages containing fabricated details of child abductions were actively forwarded by users and widely disseminated across the platform. Fake messages provoked a wave of hatred and led to the lynching of the accused of fictitious crimes.
In Brazil, WhatsApp was the main source of fake news during the 2018 elections. Because disinformation spread very easily, Brazilian businessmen set up companies to conduct illegal disinformation on WhatsApp against candidates. Businessmen purchased lists of phone numbers and arranged targeted mailing lists.
Both issues happened in 2018, which is infamous for Facebook. Digital misinformation is a complex issue. However, many consider WhatsApp's reaction to be wrong and too indifferent.
After the incidents, the company made several changes. WhatsApp has set restrictions on forwarding. Now the user can forward messages to only five groups instead of the previous limit of 250. The company has also removed the shortcut button for forwarding in a number of regions.
Despite these fixes, in the early stages of the COVID-19 pandemic, WhatsApp was used to spread misinformation about the virus. In April 2020, quarantine measures were introduced worldwide. Frightened people tried to find information on the Internet.
Following the incident, Facebook re-imposed forwarding restrictions to prevent the dissemination of false or false information. Facebook also worked with authorities and healthcare organizations around the world to develop WhatsApp chatbots, providing people with reliable information about the pandemic.
Both scenarios - the political events of 2018 and the COVID-19 pandemic - were realized due to the same problems; false information is transmitted to several people at once. Given that Facebook allegedly solved this problem in 2018, it remains unclear why disinformation about the pandemic became possible at all. Maybe the shipping limits were quietly lifted or the 2018 fixes were ineffective.
5. WhatsApp status
For years, WhatsApp's status feature, a short line of text, has been the only way for users to communicate what you're doing right now. It then morphed into WhatsApp Status, a clone of the popular Instagram Stories feature.
Instagram is a platform for public use, of course you can make your profile private if you want. WhatsApp, in turn, is a more personal service used to communicate with friends and family. It is logical to assume that sharing a status on WhatsApp is also confidential.
However, in reality this is not the case. Any of the WhatsApp user's contacts can view their status. Fortunately, the user can easily control who they share their Status with.
Going to Settings> Account> Privacy> Status, you will see three privacy options for status updates:
- My contacts
- My contacts, except ...
- Share only with ...
Is WhatsApp safe?
So, is it safe to use WhatsApp? WhatsApp is a very confusing platform. On the one hand, the company has implemented end-to-end encryption in one of the most popular applications in the world, which is undoubtedly the potential for increased security.
However, there are many other security issues with WhatsApp. Since joining the Facebook family, WhatsApp suffers from the same privacy threats and disinformation campaigns as its parent company.
