Your WhatsApp messages might not be as private as you think

Nigel Gambanga Avatar

Whatsapp-Icon-Logo-297x300Popular instant messaging platform WhatsApp has been put into the limelight again, this time over privacy concerns tied with the messages sent on the platform.

According to an article published on Mashable it appears that other people can access your messages through downloaded Android applications. This was quoted from Bass Bosschert, a security consultant and reports on message forum Hacker News.

The security flaw lies with the encryption code that WhatsApp uses for its built-in back-up mechanism that is used for reinstalling the application or when you migrate to a new device. Apparently WhatsApp has been using the same encryption code to protect all users rather than generating a new code for each separate user.

What this means is that the database that acts as a backup store for all users’ chats is being protected by an unsafe encryption mechanism. Any other app developer that is able to decrypt this will gain access to the message database.

In an explanation posted by Bass Bosschert on his website a device’s SD card is what is used to hold the WhatsApp database. When another Android app that uses non sensitive data is given access to the SD card this creates access to all data stored there, including the WhatsApp database. WhatsApp has not yet issued any formal response to these allegations.

This is not the first time that WhatsApp’s security flaws have been exposed. In fact, the aspect of security on IM platforms has been used as an entry point for new entrants into the IM market. A good example is Telegram. The app which is available on iOS and Android, Windows Phone also has desktop versions for MS Windows, Linux and Mac OSX.

Telegram was launched in August 2013 and is the brain child of the Durov brothers. These are the guys who founded VK, Russia’s largest social network. The app is noted for its strong focus on security measures supported by end-to-end encryption. This differs from client server encryption that other IM platforms like WhatsApp, WeChat and KakaoTalk use.

Other Telegram security features include the barring of third parties such as the app’s administrators from viewing any content, the encryption of all messages sent on the platform and the ability to “destroy” messages after a set time through its Secret Chats option as is the case with SnapChat.

While there are still many options to choose for instant messaging, the issue of privacy and security will definitely be a major issue to consider when picking the right platform. If it bothers you that much perhaps now is the time to move over to Telegram.

, ,

7 comments

  1. mark

    looks like marketing for telegram

  2. tisu tichatonga

    unfortunately this is tru, i bumped into some someone’s whats app message accidentaly while working on his phone files i had downloaded to my laptop.At that point it did not strike me as odd, until i read this post

  3. munt omnyama

    So much happens when you become too paranoid about privacy. There’s no privacy in this world. How many people are able to decrypt these algorithms? And having done that, only to get silly chats.

  4. Farai Sairai

    You can restore a Whatsapp DB on another phone. Simple trick to get other people’s messages which has been around for a while. Hence the multiple sex tapes we see here and there because people just uninstall WhatsApp but forget about the DB which is automatically kept on the memory card. Next person installs WhatsApp it asks to restore and hey presto, your secret life on Facebook!

  5. ABugIsAFeature

    I always wondered how SMS Backup+ managed to copy my whatapps to gmail. In my case, this ‘bug’ is a feature, here’s why:
    Every now and again, I want to search thru my whatsapp for a message, lets say a Chinoz joke. Now, there is no search in whatsapp and the android phone search doesnt include whatsapps, solution? Backup whatsapps to gmail and voila, there’s my chinoz joke.

    >> I dont care if gmail or nsa read my chinoz jokes or my valentine msgs. (maybe if ma charlie had access i would be worried about those gvt jokes)

    1. Farai Sairai

      Well I have a feeling they are going to tighten things up very soon over the security of the DB. And yes I was a bit alarmed about SMS Backup+ but then again if Google has my deepest darkest secrets somewhere, what is the difference?

  6. NIDA

    NOW IN THIS CONDITION MY WHATSAPP NOT SHOWING CONTACTS WHATS SHOULD I DO ITS SHOW JUST CAMERA CALLS STATUS SHAT NOT CONTACTS

Join Waitlist We will inform you when the product arrives in stock. Please leave your valid email address below.