5 WhatsApp Security Threats Every User Should Know

By Riley ThompsonTechnology News

5 WhatsApp Security Threats Every User Should Know

WhatsApp, owned by the social media giant Facebook, is one of the most popular messaging apps in the world. Estimates suggest that WhatsApp has around one billion users who send over 65 billion messages every day. With such popularity, it’s no surprise that the app has become a target for security threats, malware, and spam. Here are five key security issues every WhatsApp user should be aware of.

1. Abuse of WhatsApp Web

WhatsApp’s massive user base makes it an obvious target for cybercriminals, many of whom focus on WhatsApp Web. For several years, WhatsApp has been available through a website or as a desktop app, allowing users to scan a code on their phone and use the messenger on their computer.

Official app stores like the App Store (iOS) and Google Play (Android) are much more strictly regulated than other sites on the internet. When searching for WhatsApp in an official store, it’s clear which app is legitimate. Online, however, things are less obvious, and hackers, spammers, and other criminals take advantage of this.

There have been cases where attackers disguised malware as official WhatsApp apps. After downloading and installing these, victims’ systems were infected or otherwise compromised. In some cases, hackers exploited vulnerabilities in WhatsApp to install malware.

Other attackers used phishing sites designed to collect personal information. Some of these sites mimicked the WhatsApp web version and asked for a phone number to connect to the service. The collected numbers were then used for spam or cross-referenced with other stolen data.

To stay safe, always use apps and services from official sources. WhatsApp offers an official web client (WhatsApp Web) for use on any computer, as well as official apps for Android, iOS, macOS, and Windows.

2. Unencrypted Backups

WhatsApp uses end-to-end encryption when sending messages, meaning only you and the recipient can decode the information. This protects your data from interception (even by Facebook administrators) during transmission. However, end-to-end encryption does not protect messages after they are decrypted on your device.

WhatsApp allows you to create backups of your messages and other content on both Android and iOS. This is a useful feature for restoring accidentally deleted messages. In addition to cloud backups, there are also local backups on your device. On Android, you can save backups to Google Drive; on iOS, to iCloud. These backups contain messages that have already been decrypted on your device.

Backups stored on iCloud and Google Drive are not encrypted. In theory, these cloud services could be vulnerable, which reduces the effectiveness of end-to-end encryption.

Since you can’t choose where your backup is stored, your data security depends on the cloud provider. While there haven’t been any major hacks of iCloud or Google Drive to date, there’s no absolute guarantee of safety. There are also other ways for someone to gain unauthorized access to your cloud account.

One of the main benefits of encryption is protecting your information from governments and law enforcement. Since unencrypted backups are stored with American cloud providers, all it takes is a warrant to access your data. In short, unencrypted backups undermine the effectiveness of end-to-end encryption.

3. Data Sharing with Facebook

In recent years, Facebook has faced criticism for its market monopoly and anti-competitive practices. Regulators have tried to minimize these actions by closely examining any acquisitions.

When Facebook acquired WhatsApp, the European Union approved the deal only after assurances that Facebook and WhatsApp would remain separate companies and keep their data separate.

However, Facebook soon revisited this agreement, and in 2016, WhatsApp updated its Privacy Policy to allow sharing information with Facebook. While the full details of what is shared were not made public, it includes your phone number and other data, such as your last seen time.

It was stated that none of this information would be publicly available on Facebook and would remain hidden in an inaccessible profile. In response to backlash, WhatsApp added an option to opt out of data sharing, but this was quietly removed later.

This move likely sets the stage for Facebook’s future plans. According to a New York Times article published in January 2019, Facebook is working on a unified infrastructure for all its messaging platforms: Facebook, Instagram, and WhatsApp. While each service will continue to operate as a separate app, all messages will be sent through a single network.

4. Rumors and Fake News

Recently, social networks have been criticized for allowing the spread of fake news and misinformation. Facebook, in particular, was involved in legal proceedings over the spread of false information during the 2016 U.S. presidential campaign. WhatsApp has also faced criticism for similar reasons.

Two of the most notable cases occurred in India and Brazil. In India, WhatsApp was used to spread information related to violence in 2017-2018. Messages included details about fabricated child abductions and named supposed criminals, which reached a large audience. This led to lynchings of people accused of crimes that never happened.

In Brazil, WhatsApp was a source of fake news during the 2018 elections. Because such information is easy to spread, some businesspeople organized entire disinformation campaigns via WhatsApp against candidates. This was possible because a phone number serves as a username, and they purchased phone number databases for mass messaging.

Both issues persisted throughout 2018, making it one of the worst years for Facebook. Preventing the spread of misinformation in the digital age is difficult, and many felt WhatsApp’s response was too slow.

However, WhatsApp has made some changes. For example, there are now limits on message forwarding. Previously, you could forward a message to 250 groups; now, it’s only 5. In some regions, the forward button has been removed entirely.

5. WhatsApp Status

For many years, WhatsApp status (a short text line) was the only way to let others know what you were up to. This feature later evolved into WhatsApp Status, which is essentially a clone of Instagram’s popular Stories feature.

Instagram is designed for public sharing, though you can make your profile private if you wish. WhatsApp, on the other hand, is a more private service, typically used for communicating with friends and family. You might expect WhatsApp Status to be private as well.

However, that’s not the case. Anyone in your WhatsApp contact list can view your status. Fortunately, you can control who sees your status.

Go to Settings > Account > Privacy > Status to choose from three privacy options:

  • My contacts
  • My contacts except…
  • Only share with…

While WhatsApp doesn’t give a clear answer about whether blocked contacts can see your status, the good news is that blocked contacts cannot view your status, regardless of your privacy settings. Like Instagram Stories, any photos or videos you add to your status will disappear after 24 hours.

Is WhatsApp Safe?

After reading this article, you might be wondering, “Is WhatsApp safe to use?” The answer isn’t simple. On one hand, WhatsApp uses end-to-end encryption, which suggests a high level of security. On the other hand, there are issues—most notably, WhatsApp is owned by Facebook and inherits many of the privacy and misinformation problems associated with its parent company.

Leave a Reply