WhatsApp Security: 5 Scams, Threats, and Risks You Should Know About

By Ava McKinneyOnline Safety

WhatsApp Security: 5 Scams, Threats, and Risks You Should Know About

WhatsApp, the messaging platform owned by Facebook, is one of the most popular messaging apps in the world. More than a billion people use it, sending over 65 billion messages every day. This massive popularity attracts cybercriminals, leading to security issues, malware, and spam.

1. Malware Targeting WhatsApp Web

WhatsApp’s huge user base makes it a prime target for cybercriminals, many of whom focus on WhatsApp Web. Users can access WhatsApp on their computers by visiting the website or downloading the desktop app, scanning a code with their phone, and using WhatsApp on their PC.

App stores like the iOS App Store or Google Play Store are more strictly regulated than websites. When searching for WhatsApp in these stores, it’s clear which app is official. Unfortunately, the same can’t be said for the web.

Cybercriminals create and distribute fake WhatsApp desktop apps containing malware. Downloading a malicious app puts your computer at risk. In some cases, hackers have managed to install WhatsApp spyware by exploiting vulnerabilities in the app.

Another tactic is creating phishing websites that trick users into giving up personal information. These sites, disguised as WhatsApp Web, ask for your phone number to “connect” to the service. In reality, attackers use your number to spam you or match it with other leaked or hacked data online.

The best way to stay safe is to use apps and services only from official sources. WhatsApp offers the official WhatsApp Web client for any computer, as well as official apps for Android, iPhone, macOS, and Windows.

2. Unencrypted Backups

Messages you send on WhatsApp are protected by end-to-end encryption. Only the sender’s and recipient’s devices can decode them, preventing interception—even by Facebook. However, once messages are decrypted on your device, they’re no longer protected.

WhatsApp allows you to back up your messages and media on Android and iOS. This is important for recovering accidentally deleted messages. In addition to a local backup on your device, Android users can back up WhatsApp data to Google Drive, while iPhone users use iCloud. These backups contain decrypted versions of your messages.

The backup file stored in iCloud or Google Drive is not encrypted. Since it contains all your decrypted messages, it’s theoretically vulnerable and undermines WhatsApp’s end-to-end encryption.

You can’t choose where your backup is stored and must rely on cloud service providers for security. While there haven’t been any major hacks affecting iCloud or Google Drive so far, it’s still possible. Attackers have tools to access users’ cloud storage accounts.

One supposed benefit of encryption is preventing government and law enforcement access to your data. But since unencrypted backups are stored with U.S.-based cloud providers, authorities can easily access your messages with a warrant.

3. Data Sharing with Facebook

In recent years, Facebook has faced criticism for monopolistic and anti-competitive practices. Regulators have tried to minimize this behavior by closely monitoring acquisitions.

When Facebook acquired WhatsApp in 2014, the European Union approved the deal only after Facebook promised to keep the companies’ data separate.

It didn’t take long for Facebook to change course. In 2016, WhatsApp updated its Privacy Policy to allow data sharing with Facebook, including your phone number and last usage time. This data sharing puts WhatsApp messages at risk.

Facebook assured users that their data wouldn’t be publicly visible and would be stored in a hidden Facebook profile. Over the years, Facebook has made changes to simplify data sharing and introduced a new Privacy Policy, but users and regulators have pushed back.

After the 2016 update, users could opt out of cross-platform data sharing, but this option was quietly removed. In 2019, Facebook announced plans to merge its messaging platforms. By late 2020, Messenger and Instagram Direct were linked.

In January 2021, Facebook released a new data sharing policy for WhatsApp, stating that user information would be shared between the messaging app and the social network. After user backlash, Facebook said it would limit WhatsApp’s features for those who didn’t agree. As of June 2021, Facebook has softened these restrictions but still encourages users to accept the new rules.

4. Scams and Fake News

In recent years, social media companies have been criticized for spreading fake news and misinformation. Facebook, in particular, was accused of spreading misinformation during the 2020 U.S. presidential campaign. WhatsApp has faced similar criticism.

Two of the most notable cases occurred in India and Brazil. In India, WhatsApp was linked to mass violence in 2017 and 2018, when messages with fabricated details about child abductions were widely forwarded, sparking hate and leading to lynchings of people falsely accused of crimes.

In Brazil, WhatsApp was the main source of fake news during the 2018 elections. Misinformation spread so easily that business owners created companies to run illegal disinformation campaigns against candidates, buying phone number lists and sending targeted messages.

Both issues happened in 2018, a notorious year for Facebook. Digital misinformation is a complex problem, but many believe WhatsApp’s response was inadequate and indifferent.

After these incidents, WhatsApp made some changes. It limited message forwarding to five groups instead of the previous 250 and removed the quick-forward button in some regions.

Despite these fixes, during the early stages of the COVID-19 pandemic, WhatsApp was used to spread misinformation about the virus. In April 2020, as lockdowns were imposed worldwide, people searched for information online, and misinformation spread rapidly.

Facebook responded by reintroducing forwarding limits to prevent the spread of false information. The company also worked with authorities and health organizations to develop WhatsApp chatbots that provided reliable pandemic information.

Both the political events of 2018 and the COVID-19 pandemic were fueled by the same problem: false information being forwarded to many people at once. Given that Facebook supposedly addressed this in 2018, it’s unclear why pandemic misinformation was still possible. Perhaps forwarding limits were quietly lifted, or the 2018 fixes were ineffective.

5. WhatsApp Status

For years, WhatsApp’s status feature—a short text line—was the only way for users to share what they were up to. It later evolved into WhatsApp Status, a clone of Instagram Stories.

Instagram is designed for public sharing, though you can make your profile private. WhatsApp, on the other hand, is a more personal service for communicating with friends and family. It would seem logical that sharing your WhatsApp Status would also be private.

However, that’s not the case. Any of your WhatsApp contacts can view your status. Fortunately, you can control who sees your Status updates.

Go to Settings > Account > Privacy > Status to find three privacy options for your status updates:

  • My contacts
  • My contacts except…
  • Only share with…

Note that blocked contacts can’t view your status, regardless of your privacy settings. Like Instagram Stories, any videos or photos you add to your status disappear after 24 hours.

Is WhatsApp Safe?

So, is it safe to use WhatsApp? WhatsApp is a complicated platform. On one hand, the company implemented end-to-end encryption in one of the world’s most popular apps, which is a major security improvement.

However, WhatsApp still has many other security issues. Since joining the “Facebook family,” WhatsApp has suffered from the same privacy threats and disinformation campaigns as its parent company.

Author: James Frew

Leave a Reply