How private is whatsapp


Who Can Access My Whatsapp Chats? Is The Platform Still Safe?

WhatsApp chats are protected by end-to-end encryption, which means no one can see your messages except the people you share them with.

New IT rules, applicable to large social media platforms, including WhatsApp, Twitter, and Facebook, that came into force on May 26 have left many users in a fix. Many social media behemoths have voiced concerns over privacy and freedom of expression, while they have fully or partially complied with the new IT rules. A general apprehension among users is whether their chats and content shared over the medium are secure or not.  


WhatsApp has moved the Delhi High Court against the government over one of the new rules that require the identification of the originator of a flagged message. The instant messaging platform has alleged that tracing private messages would break end-to-end encryption and violate the citizens’ right to privacy. 

Also Read: Google, Facebook, WhatsApp comply with new IT rules, Twitter remains defiant

With the row over privacy taking centre stage, many users across the country are wondering whether they should continue to use WhatsApp and if the government or the messaging app is keeping a tab over their private conversations.

Here are some key questions about WhatsApp row answered:

Can WhatsApp see my personal chats? 

Earlier, amid concerns over its revised privacy policy, WhatsApp clarified that it cannot see people’s personal messages or hear their calls, and neither can Facebook.

Can the government see my private chats? 

WhatsApp chats are protected by end-to-end encryption, which means no one can see your messages except the people you share them with.

I have received offensive content on WhatsApp. Am I in trouble? 

As per one of the new digital rules, the government wants WhatsApp and other major social media firms to identify the originator of a message who may have shared offensive content.  

“The originator of information can only be traced in a scenario where other remedies have proven to be ineffective, making the same the last resort measure,” the government has clarified. 

So, as long as you don’t start a message containing sexually explicit material or child sexual abuse material or content that may have a negative impact on the sovereignty, integrity, and security of the country, you have nothing to worry about.  

Will WhatsApp be banned? 

The government has warned that if social media firms fail to comply with new rules, they will take action. There is no word yet about what happens next. As for now, WhatsApp has complied with the rules and is working just fine. 

It has however moved the Delhi High Court against the rules concerning the identification of the originator of a message. 

What does the red tick on WhatsApp mean? 

A message has been doing rounds on WhatsApp and other social media platforms, that claims three red ticks on WhatsApp show that the government has initiated court proceedings against you.

"Two blue ticks and one red tick means the government can take action, while three red ticks will mean the government has started court proceedings against you," the viral message reads. 

Well, the message is fake. You need not pay heed to it as WhatsApp has implemented no such measure in their app.

Check out our in-depth Market Coverage, Business News & get real-time Stock Market Updates on CNBC-TV18. Also, Watch our channels CNBC-TV18, CNBC Awaaz and CNBC Bajar Live on-the-go!

Is WhatsApp Safe? What to Know to Keep Your Data Secure

  • WhatsApp is relatively safe thanks to end-to-end encryption on all chats, which makes it a highly secure messaging app.
  • Your WhatsApp data is vulnerable if you don't encrypt your WhatsApp backup; you can enable that with just a few taps.
  • A previous group chat vulnerability, which made private chats discoverable via a Google search, has been resolved for over two years.

With about 2 billion monthly active users, WhatsApp is the single most active and popular mobile messenger app. That kind of popularity tends to make software vulnerable, which means there's good reason to wonder if WhatsApp is safe and secure or if it's risky to use the service.

The short answer: No messaging system is without vulnerabilities. But even so, WhatsApp is generally considered a secure messaging platform thanks its built-in end-to-end encryption. 

Is WhatsApp safe?

"Any social media platform has security risks, and every platform has hackers attempting to break through its security measures," says Kristen Bolig, CEO at SecurityNerd. 

But unlike many similar messaging platforms, WhatsApp is built with strong end-to-end encryption. 

"Any messages sent between any users are fully encrypted, so the only people able to decode them are the sender and recipient — not even WhatsApp. So even if hackers intercept a message, they aren't able to decode it," Bolig says. 

In principle, no one can decrypt the data at any point in the communication process, which is much more robust security than you'll find in apps like Snapchat, Instagram, and Twitter.

How to keep your WhatsApp data secure

There is a notable caveat, though. Critically, your data, including chat and voice calls, are only secure and encrypted within the WhatsApp chat ecosystem. Both Android and iPhone devices can back up app data — that's handy in case you need to restore data to a new device.

But by default, this backup is not encrypted. If your backup on iCloud or Google Drive is hacked, your WhatsApp data is vulnerable. There is a solution, though: It's possible to encrypt your backups, though this option is disabled by default. To keep your WhatsApp data fully secure, you should enable encryption for your WhatsApp backups.

1. Start the WhatsApp app.

2. If you have an iPhone, tap Settings at the bottom right. On Android, tap the three-dot menu at the top right and choose Settings in the dropdown menu.

3. Tap Chats.

4. Tap Chat Backup.

5. Tap End-to-end Encrypted Backup and then tap Turn On.    

By default, encrypted backups in WhatsApp are turned off. Dave Johnson

In addition, as with any online platform, WhatsApp has a vulnerability in potential incursion from spam messages. For more information and a few security suggestions, see our guide on ways to spot WhatsApp spam and stop it from reaching you.

A previous security risk of WhatsApp group chats

You might have heard about another risk to your WhatsApp data — this one related to WhatsApp group chats. In 2020, it was discovered that Google indexed links to WhatsApp group chats, which meant that it wasn't necessary to have the private code to join a chat; it was instead possible to find and join group chats on WhatsApp simply by performing a targeted Google search. 

This sounds alarming but it is not as serious as it might at first seem. When someone joins a WhatsApp group chat, for example, everyone in the group is notified, so it's not possible for a stranger to lurk. "An admin can always change or revoke the group invite link if they see it has been compromised," says Leslie Radka, founder of GreatPeopleSearch.  

But more importantly, this leak was plugged quickly. Within days of this vulnerability's disclosure in March 2020, "WhatsApp began to include the noindex tag on these pages, which excludes them from indexing," Radka says. The result: The vulnerability was patched and group chats are no longer discoverable on search engines. There are currently no known security issues that affect WhatsApp users along these lines.   

Dave Johnson

Freelance Writer

Dave Johnson is a technology journalist who writes about consumer tech and how the industry is transforming the speculative world of science fiction into modern-day real life. Dave grew up in New Jersey before entering the Air Force to operate satellites, teach space operations, and do space launch planning. He then spent eight years as a content lead on the Windows team at Microsoft. As a photographer, Dave has photographed wolves in their natural environment; he's also a scuba instructor and co-host of several podcasts. Dave is the author of more than two dozen books and has contributed to many sites and publications including CNET, Forbes, PC World, How To Geek, and Insider.

Read moreRead less

Why WhatsApp will never be secure / Sudo Null IT News

Columnist Pavel Durov, founder of the Telegram messenger

The world seems shocked by the news that WhatsApp has turned any phone into a tracking device. Everything on your phone, including photos, emails and texts, was accessible to attackers just because you have WhatsApp installed.

However, this news did not surprise me. Last year, WhatsApp had to admit to a very similar problem - a hacker could access all of your phone's data through a single video call.

Every time WhatsApp fixes a critical vulnerability in its app, a new one appears in its place. All security issues are well suited for surveillance, they look and work like backdoors.

Unlike Telegram, WhatsApp does not open source, so security researchers cannot easily check for backdoors. WhatsApp not only does not publish the code, they do the exact opposite: WhatsApp deliberately obfuscates the binaries of their applications so that no one can carefully examine them.

Perhaps WhatsApp and its parent company Facebook are even required to implement backdoors - through secret processes such as secret orders from the FBI. It's not easy to run a secure messenger while in the US. During the week our team spent in the United States in 2016, FBI agents tried to infiltrate us three times. Imagine what will happen to an American company in 10 years of operating in such an environment.

I understand that the security forces justify installing backdoors as an anti-terrorist effort. The problem is that such backdoors can also be used by criminals and authoritarian governments. No wonder dictators seem to love WhatsApp. The lack of security allows them to spy on their citizens, which is why WhatsApp is not blocked in countries like Russia or Iran, where Telegram is banned by the authorities.

In fact, my work on Telegram was a direct response to personal pressure from the Russian authorities. Then, in 2012, WhatsApp was still transmitting messages in clear text. This is madness. Not only governments or hackers, but also mobile providers and WiFi administrators had access to all WhatsApp texts.

WhatsApp later added some encryption, which quickly turned out to be a marketing gimmick: the key to decrypt messages was available to at least a few governments, including Russia. Then, as Telegram began to gain popularity, the founders of WhatsApp sold their company to Facebook and said they had “privacy built into their DNA.” If this is true, then this is probably a dormant or recessive gene.

Three years ago, WhatsApp announced that they had implemented end-to-end encryption so "no third party can access messages." This coincided with an aggressive call for all users to back up their chats to the cloud. However, WhatsApp did not tell users that, when backed up, messages are no longer end-to-end encrypted and could be accessed by hackers and law enforcement. Brilliant marketing that has resulted in some naive people now serving prison terms.

Those who didn't fall for the constant pop-ups advising to back up their chats can still be tracked down with a number of tricks, from accessing contacts backups to subtle changes to the encryption key. WhatsApp user-generated metadata — logs describing who is talking to whom and when — is leaked to all agencies in large volumes through the parent company. In addition, you get a set of critical vulnerabilities that replace each other.

WhatsApp has a stable and consistent history, from zero encryption at creation to current vulnerabilities oddly suited for surveillance purposes. Looking back, there has not been a single day in their ten year history when this service was secure. That's why I don't think just updating the WhatsApp mobile app will make it secure. To become a privacy-focused service, WhatsApp must risk losing entire markets and clash with authorities in its own country. They don't seem ready for this.

The founders of WhatsApp left the company last year due to privacy concerns. They are definitely bound either by secret orders or by the NDA, so they cannot publicly discuss backdoors without risking losing their fortune and freedom. However, they were able to admit that they "sold the privacy of their users."

I can understand the reluctance of the WhatsApp founders to provide more details - it's not easy to compromise your comfort. Several years ago, I had to leave my country after refusing to comply with government-sanctioned violations of the privacy of VKontakte users. It was unpleasant. But will I do something like this again? With pleasure. Each of us will die sooner or later, but we, as a species, will stay here for a while. That is why I think that the accumulation of money, fame or power does not matter. Serving humanity is the only thing that really matters in the long run.

And yet, despite our intentions, I feel like we've failed humanity in this whole WhatsApp spy story. Many people can't stop using WhatsApp because their friends and family are still there. This means that we at Telegram have done a poor job of convincing people to switch. Although we have attracted hundreds of millions of users over the past five years, this has not been enough. Most internet users are still held hostage by the Facebook/WhatsApp/Instagram empire. Many of those who use Telegram are also on WhatsApp, meaning their phones are still vulnerable. Even those who have completely given up on WhatsApp are probably using Facebook or Instagram, both of which think it's okay to store your passwords in cleartext (I still can't believe a tech company is capable of doing something like this and quit dry from water).

In nearly six years of its existence, Telegram has not experienced the major data breaches or security flaws that WhatsApp exhibits every few months. In the same six years, we have disclosed exactly zero bytes of data to third parties, while Facebook/WhatsApp shares any information with almost anyone who claims to work for the government.

Few people outside of the Telegram fan community realize that most of the new messaging features first appear on Telegram and then copied by WhatsApp down to the smallest detail. More recently, we witnessed Facebook's attempt to borrow the entire philosophy of Telegram, with Zuckerberg suddenly stating the importance of privacy and speed, quoting the description of the Telegram app almost word for word in his F8 speech.

But whining about FB's hypocrisy and lack of creativity won't help. We have to admit that Facebook is executing an effective strategy. Look what they've done with Snapchat.

We at Telegram must acknowledge our responsibility in shaping the future. It's either us or the Facebook monopoly. Either freedom and privacy, or greed and hypocrisy. Our team has been competing with Facebook for the past 13 years. We already beat them once, in the Eastern European social media market. We will beat them again in the global messaging market. We should.

It won't be easy. The Facebook marketing department is huge. And we at Telegram do not do marketing. We don't want to pay journalists and researchers to tell the world about Telegram. To do this, we rely on you - our millions of users. If you like Telegram enough, you will tell your friends about it. And if every Telegram user persuades three of their friends to delete WhatsApp and use Telegram permanently, then Telegram will already become more popular than WhatsApp.

The age of greed and hypocrisy will end. The era of freedom and privacy will begin. She's much closer than she looks.

How secure is WhatsApp

When you install the WhatsApp messenger on your smartphone, the application asks you to confirm your phone number, import existing contacts, and, importantly, agree to the processing of personal data.

The logical question is, how safe is it to give a regular application such wide access to personal information? Cybersecurity experts are skeptical of WhatsApp developers' initiatives to process and store user data. Let's see why this messenger is not recommended for those who care about their own privacy and anonymity.

WhatsApp encryption

WhatsApp uses end-to-end encryption to protect all kinds of data used in the application. The messenger’s encryption algorithm and keys not only make it impossible to decrypt messages transmitted by users, but, according to WhatsApp management, prevent third parties and even government intelligence agencies from intercepting calls and reading users’ correspondence.

In addition to the encryption feature, WhatsApp allows users to fine-tune their privacy settings, including visibility of their status and profile to other messenger users.

How secure is WhatsApp?

Cybersecurity experts say "not 100%." Yes, end-to-end encryption makes WhatsApp more secure than other instant messaging software. However, like any application, WhatsApp is often targeted by sophisticated digital attackers (hackers).

Please note that by agreeing to the WhatsApp privacy policy, you voluntarily give the messenger access to your contact list and the ability to track your online activity, i.e. in what places (geolocation) and for how long you use WhatsApp. This, to some extent, puts your confidentiality and integrity of personal information at risk. And in the modern world, personal data is a valuable commodity, especially among various scammers and annoying advertisers.

WhatsApp security issues

In May 2019, hackers discovered that it was possible to infect users' phones with spyware by calling potential victims via WhatsApp. And although the developers of the messenger quickly fixed the software error, the personal data of a certain number of users still "leaked" to the network.

What's more, WhatsApp collects and stores information about all your online activity through the app. And although the WhatsApp management verbally denies its politicization and the possibility of interacting with the authorities of different countries, there are several facts confirming that the popular messenger transferred user data to the secret services at their request.

How can WhatsApp users protect themselves?

To protect your phone and keep personal information private from prying eyes, we recommend using a virtual private network (VPN).

VPN is based on technology that allows you to anonymously access your favorite sites or use your favorite applications from virtual IP addresses, bypassing the server of your Internet provider.

Such a mechanism for accessing the Internet excludes the theft of personal data by any of the methods available today.


Learn more