Home » Misc » How safe is whatsapp app

How safe is whatsapp app


Is WhatsApp Safe? What to Know to Keep Your Data Secure

  • WhatsApp is relatively safe thanks to end-to-end encryption on all chats, which makes it a highly secure messaging app.
  • Your WhatsApp data is vulnerable if you don't encrypt your WhatsApp backup; you can enable that with just a few taps.
  • A previous group chat vulnerability, which made private chats discoverable via a Google search, has been resolved for over two years.

With about 2 billion monthly active users, WhatsApp is the single most active and popular mobile messenger app. That kind of popularity tends to make software vulnerable, which means there's good reason to wonder if WhatsApp is safe and secure or if it's risky to use the service.

The short answer: No messaging system is without vulnerabilities. But even so, WhatsApp is generally considered a secure messaging platform thanks its built-in end-to-end encryption.  

Is WhatsApp safe?

"Any social media platform has security risks, and every platform has hackers attempting to break through its security measures," says Kristen Bolig, CEO at SecurityNerd. 

But unlike many similar messaging platforms, WhatsApp is built with strong end-to-end encryption. 

"Any messages sent between any users are fully encrypted, so the only people able to decode them are the sender and recipient — not even WhatsApp. So even if hackers intercept a message, they aren't able to decode it," Bolig says. 

In principle, no one can decrypt the data at any point in the communication process, which is much more robust security than you'll find in apps like Snapchat, Instagram, and Twitter.

How to keep your WhatsApp data secure

There is a notable caveat, though. Critically, your data, including chat and voice calls, are only secure and encrypted within the WhatsApp chat ecosystem. Both Android and iPhone devices can back up app data — that's handy in case you need to restore data to a new device.

But by default, this backup is not encrypted. If your backup on iCloud or Google Drive is hacked, your WhatsApp data is vulnerable. There is a solution, though: It's possible to encrypt your backups, though this option is disabled by default. To keep your WhatsApp data fully secure, you should enable encryption for your WhatsApp backups.

1. Start the WhatsApp app.

2. If you have an iPhone, tap Settings at the bottom right. On Android, tap the three-dot menu at the top right and choose Settings in the dropdown menu.

3. Tap Chats.

4. Tap Chat Backup.

5. Tap End-to-end Encrypted Backup and then tap Turn On.    

By default, encrypted backups in WhatsApp are turned off. Dave Johnson

In addition, as with any online platform, WhatsApp has a vulnerability in potential incursion from spam messages. For more information and a few security suggestions, see our guide on ways to spot WhatsApp spam and stop it from reaching you.

A previous security risk of WhatsApp group chats

You might have heard about another risk to your WhatsApp data — this one related to WhatsApp group chats. In 2020, it was discovered that Google indexed links to WhatsApp group chats, which meant that it wasn't necessary to have the private code to join a chat; it was instead possible to find and join group chats on WhatsApp simply by performing a targeted Google search.  

This sounds alarming but it is not as serious as it might at first seem. When someone joins a WhatsApp group chat, for example, everyone in the group is notified, so it's not possible for a stranger to lurk. "An admin can always change or revoke the group invite link if they see it has been compromised," says Leslie Radka, founder of GreatPeopleSearch.  

But more importantly, this leak was plugged quickly. Within days of this vulnerability's disclosure in March 2020, "WhatsApp began to include the noindex tag on these pages, which excludes them from indexing," Radka says. The result: The vulnerability was patched and group chats are no longer discoverable on search engines. There are currently no known security issues that affect WhatsApp users along these lines.  

Dave Johnson

Freelance Writer

Dave Johnson is a technology journalist who writes about consumer tech and how the industry is transforming the speculative world of science fiction into modern-day real life. Dave grew up in New Jersey before entering the Air Force to operate satellites, teach space operations, and do space launch planning. He then spent eight years as a content lead on the Windows team at Microsoft. As a photographer, Dave has photographed wolves in their natural environment; he's also a scuba instructor and co-host of several podcasts. Dave is the author of more than two dozen books and has contributed to many sites and publications including CNET, Forbes, PC World, How To Geek, and Insider.

Read moreRead less

Is WhatsApp Safe? 5 Scams, Threats, and Security Risks to Know About

WhatsApp, the Meta-owned messaging platform, is one of the world’s most popular messaging apps. It is estimated that over one billion people use the app, sending over 65 billion messages per day.

It’s no surprise, then, that security concerns, malware threats, and spam have begun to appear on the platform. Here’s everything you need to know about WhatsApp’s most common security issues and scams.

1. WhatsApp Web Malware

WhatsApp’s enormous user base makes it an obvious target for cybercriminals, many of who focus on WhatsApp Web. For years, WhatsApp has allowed you to open a website, or download a desktop app, scan a code with the app on your phone, and use WhatsApp on your computer.

The app stores on phones—the App Store on iOS and Google Play Store on Android—are more carefully regulated than the internet at large. When you search for WhatsApp on those stores, it’s generally clear which app is the official one. That isn’t true of the wider internet.

Criminals, hackers, and scammers have all taken advantage of this. There have been instances of attackers passing off malicious software as WhatsApp desktop applications. If you are unfortunate enough to have downloaded one of these, the installation can distribute malware or otherwise compromise your computer.

In some cases, hackers were able to install WhatsApp spyware due to a vulnerability.

Others tried a different approach, creating phishing websites to trick you into handing over personal information. Some of these websites masquerade as WhatsApp Web, asking for you to enter your phone number to connect to the service. However, they actually use that number to bombard you with spam or correlate with other leaked or hacked data on the internet.

To be on the safe side, the best way to stay secure is to use only apps and services from official sources. WhatsApp offers a web client for you to use on any computer, known as WhatsApp Web, which you should only access through the WhatsApp website. There are also official apps for Android, iPhone, macOS, and Windows devices that you should use to avoid WhatsApp scams.

Download: WhatsApp for Android | iOS | macOS | Windows (Free)

2. Unencrypted Backups

The messages you send on WhatsApp are end-to-end encrypted. This means that only your device, and that of the recipient, can decode them. This feature prevents your messages from being intercepted during transmission, even by Meta itself. However, this doesn’t secure the messages once they are decrypted on your device.

WhatsApp allows you to back up your messages and media on Android and iOS. This is an essential feature as it allows you to recover accidentally deleted WhatsApp messages. There is a local backup on your device in addition to a cloud-based backup. On Android, you can back up your WhatsApp data to Google Drive. If you are using an iPhone, then your backup destination is iCloud. These backups contain decrypted messages from your device.

The backup file stored on iCloud or Google Drive is not necessarily encrypted. As this file contains decrypted versions of all your messages, it is theoretically vulnerable and undermines WhatsApp’s end-to-end encryption.

As you have no choice in a backup location, you are at the mercy of the cloud providers to keep your data secure. Although no large-scale hacks have affected iCloud or Google Drive to date, that doesn’t mean it isn’t possible. There are other means that attackers could use to gain access to your cloud storage accounts, too.

One of the supposed benefits of encryption is, for better or worse, being able to prevent government and law enforcement from accessing your data. As the unencrypted backup is stored on one of two US-based cloud storage providers, all it would take is a warrant, and the government could have unfettered access to your messages.

Thankfully, WhatsApp updated its service to include end-to-end encrypted chat backups. However, this setting is disabled by default. Go to Settings > Chats > Chat Backup > End-to-end Encrypted Backup and select Turn On to secure your WhatsApp backups. You'll need to create a password to protect your backups. However, remember that you won't be able to access your backups if you forget the password—WhatsApp can't restore it for you.

3. Facebook Data Sharing

Meta (formerly Facebook) has been the subject of much criticism in recent years. One of those criticisms is of the company’s effective market monopoly and anti-competitive actions. Regulators attempt to minimize anti-competitive behavior by evaluating any takeover attempts.

So in 2014, when Meta decided that it wanted to add WhatsApp to the “Meta Family,” the European Union (EU) only approved the deal after Meta assured it that the two companies, and their data, would be kept separate.

It didn’t take long for Meta to go back on this agreement. In 2016, WhatsApp updated its Privacy Policy to allow sharing of data from WhatsApp to Facebook at the time. Although it didn’t reveal the full extent of this data transfer, it included your phone number and your usage data, like when you last used the service. Your WhatsApp messages could be at risk because of this.

Despite assuring users that their data wouldn’t be publicly available on Facebook, the implication was that Meta would instead store it in Facebook’s inaccessible and hidden profile of you. In the years since, Meta has made changes to facilitate this data sharing.

Following the 2016 announcement, you could opt out of the cross-platform data sharing on WhatsApp, although this option was quietly removed sometime later. Then, in 2019, Meta announced plans to merge its messaging platforms. In late 2020, the first stages of this were put in place when the company linked Messenger with Instagram Direct.

In January 2021, Meta released a new data-sharing policy for WhatsApp, mandating the transfer of your information between the messaging app and social network. After users complained, the company then noted that it would limit WhatsApp’s features for anyone who doesn’t opt-in.

As of June 2021, Meta has once again softened these penalties, although it will still encourage users to opt in to the new policies.

4. Hoaxes and Fake News

In recent years, social media companies have been criticized for allowing fake news and misinformation to spread on their platforms. Meta, in particular, has been condemned for its role in spreading misinformation throughout the 2020 US Presidential campaign. WhatsApp has also been subject to those same forces.

Two of the most notable cases have been in India and Brazil. WhatsApp was implicated in the widespread violence that occurred in India during 2017 and 2018. Messages containing details of fabricated child abductions were forwarded and spread across the platform, customized with local information. These messages were widely shared across people’s networks and resulted in the lynching of those accused of these fake crimes.

In Brazil, WhatsApp was the primary source of fake news throughout the 2018 elections. As this kind of misinformation was so easy to spread, business people in Brazil set up companies that created misinformation campaigns against candidates enabled by the fact that WhatsApp is used for both business and personal communication.

They were able to do this as your phone number is your username on WhatsApp, so they purchased lists of phone numbers to target.

Both issues were ongoing through 2018, a year that was infamously terrible for Meta. Digital misinformation is a difficult problem to deal with, but many viewed WhatsApp’s response to these events as apathetic.

However, the company did implement a few changes. WhatsApp put limits on forwarding, so you can only forward to five groups, rather than the previous limit of 250. The company also removed the forwarding shortcut button in a number of regions, too.

Despite these interventions, early in the COVID-19 pandemic, WhatsApp was used to share misinformation about the virus. In April 2020, lockdowns were in place across the world, so people relied upon the internet for news, even more so than usual.

Once again, Meta implemented forwarding limits to prevent the spread of incorrect or false information. Similarly, it worked with authorities and health organizations worldwide to develop WhatsApp chatbots, so people could easily access reliable information on the pandemic.

Both scenarios—the 2018 political events and the COVID-19 pandemic—were affected by the same issues: false information being forwarded to multiple people. Due to this, the forwarding limits are permanent on the platform, which does help but is in no way a silver bullet in fighting fake news.

For many years, WhatsApp’s status feature, a brief line of text, was the only way for you to broadcast what you were doing at the time. This morphed into WhatsApp Status, a clone of the popular Instagram Stories feature.

Instagram is a platform that is designed to be public, although you can make your profile private if you choose. WhatsApp, on the other hand, is a more intimate service used for communicating with friends and family. So, you may assume that sharing a Status on WhatsApp is private, too.

However, that isn’t the case. Anyone in your WhatsApp contacts can view your Status. Fortunately, it is quite easy to control who you share your Status with. Navigate to Settings > Account > Privacy > Status (on Android, tap the three-dot menu in the top right and select Settings > Privacy > Status), and you’ll be shown three privacy choices for your Status updates:

  • My contacts
  • My contacts except
  • Only share with

Despite this simplicity, WhatsApp doesn’t make it clear if your blocked contacts can view your Status. However, the company has done the sensible thing, and your blocked contacts are unable to view your Status regardless of your privacy settings. As with Instagram Stories, any videos and photos added to your Status will disappear after 24 hours.

Despite the transient nature of the Status feature, remember that anyone who can view your updates can save a copy without your knowledge. WhatsApp doesn't have a built-in feature for saving Status updates, but anyone can do this by taking a screenshot, screen recording, using WhatsApp Status saving apps, and more.

As of writing, WhatsApp doesn't let you know if someone saves your update, so be careful not to share anything sensitive.

Is WhatsApp Safe?

So, is WhatsApp safe to use? WhatsApp is a confusing platform. On the one hand, the company implemented end-to-end encryption in one of the world’s most popular apps, a definite security upside. However, there are many WhatsApp security concerns.

One of the primary issues is that it is owned by Meta and suffers many of the same privacy dangers and misinformation campaigns as its parent company.

How secure is WhatsApp

When you install the WhatsApp messenger on your smartphone, the application asks you to verify your phone number, import existing contacts, and, importantly, agree to the processing of personal data.

The logical question is, how safe is it to give a regular application such wide access to personal information? Cybersecurity experts are skeptical of WhatsApp developers' initiatives to process and store user data. Let's see why this messenger is not recommended for those who care about their own privacy and anonymity.

WhatsApp encryption

WhatsApp uses end-to-end encryption to protect all kinds of data used in the application. The messenger’s encryption algorithm and keys not only make it impossible to decrypt messages transmitted by users, but, according to WhatsApp management, prevent third parties and even government intelligence agencies from intercepting calls and reading users’ correspondence.

In addition to the encryption feature, WhatsApp allows users to fine-tune their privacy settings, including visibility of their status and profile to other messenger users.

How secure is WhatsApp?

Cybersecurity experts say "not 100%." Yes, end-to-end encryption makes WhatsApp more secure than other instant messaging software. However, like any application, WhatsApp is often targeted by sophisticated digital attackers (hackers).

Please note that by agreeing to the WhatsApp privacy policy, you voluntarily give the messenger access to your contact list and the ability to track your online activity, i.e. in what places (geolocation) and for how long you use WhatsApp. This, to some extent, puts your confidentiality and integrity of personal information at risk. And in the modern world, personal data is a valuable commodity, especially among various scammers and annoying advertisers.

WhatsApp security issues

In May 2019, hackers discovered that it was possible to infect users' phones with spyware by calling potential victims via WhatsApp. And although the developers of the messenger quickly fixed the software error, the personal data of a certain number of users still "leaked" to the network.

What's more, WhatsApp collects and stores information about all your online activity through the app. And although the WhatsApp management verbally denies its politicization and the possibility of interacting with the authorities of different countries, there are several facts confirming that the popular messenger transferred user data to the secret services at their request.

How can WhatsApp users protect themselves?

To protect your phone and keep personal information private from prying eyes, we recommend using a virtual private network (VPN).

VPN is based on technology that allows you to anonymously access your favorite sites or use your favorite applications from virtual IP addresses, bypassing the server of your Internet provider.

Such a mechanism for accessing the Internet excludes the theft of personal data by any of the methods available today. All Internet traffic is securely encrypted and transmitted through a secure tunnel to one of the VPN provider's remote servers located in different parts of the world. You can change your virtual location by choosing a different access server, moving from, say, Russia to Malaysia in a second. Attackers simply will not keep up with tracking your activity!

Most VPN service providers allow users to evaluate the capabilities of their services and test one of the VPN applications for Android or iOS for free before deciding to purchase a permanent subscription.

Among other things, it is recommended that you keep your smartphone app and software (OS) up to date, make the most of your WhatsApp privacy settings and, if possible, never share valuable content with unfamiliar users.

Why WhatsApp will never be secure / Sudo Null IT News

Columnist Pavel Durov, founder of the Telegram messenger

The world seems shocked by the news that WhatsApp has turned any phone into a tracking device. Everything on your phone, including photos, emails and texts, was accessible to attackers just because you have WhatsApp installed.

However, this news did not surprise me. Last year, WhatsApp had to admit to a very similar problem - a hacker could access all of your phone's data through a single video call.

Every time WhatsApp fixes a critical vulnerability in its app, a new one appears in its place. All security issues are well suited for surveillance, they look and work like backdoors.

Unlike Telegram, WhatsApp does not open source, so security researchers cannot easily check for backdoors. WhatsApp not only does not publish the code, they do the exact opposite: WhatsApp deliberately obfuscates the binaries of their applications so that no one can carefully examine them.

Perhaps WhatsApp and its parent company Facebook are even required to implement backdoors - through secret processes such as secret orders from the FBI. It's not easy to run a secure messenger while in the US. During the week our team spent in the United States in 2016, FBI agents tried to infiltrate us three times. Imagine what will happen to an American company in 10 years of operating in such an environment.

I understand that the law enforcement agencies justify installing backdoors as an anti-terrorist effort. The problem is that such backdoors can also be used by criminals and authoritarian governments. No wonder dictators seem to love WhatsApp. The lack of security allows them to spy on their citizens, which is why WhatsApp is not blocked in countries like Russia or Iran, where Telegram is banned by the authorities.

In fact, my work on Telegram was a direct response to personal pressure from the Russian authorities. Then, in 2012, WhatsApp was still transmitting messages in clear text. This is madness. Not only governments or hackers, but also mobile providers and WiFi administrators had access to all WhatsApp texts.

WhatsApp later added some encryption, which quickly turned out to be a marketing gimmick: the key to decrypt messages was available to at least a few governments, including Russia. Then, when Telegram began to gain popularity, the founders of WhatsApp sold their company to Facebook and said that they had "privacy built into their DNA." If this is true, then this is probably a dormant or recessive gene.

Three years ago, WhatsApp announced that they had implemented end-to-end encryption so "no third party can access messages." This coincided with an aggressive call for all users to back up their chats to the cloud. However, WhatsApp did not tell users that, when backed up, messages are no longer end-to-end encrypted and could be accessed by hackers and law enforcement. Brilliant marketing that has resulted in some naive people now serving prison terms.

Those who didn't fall for the constant pop-ups advising to back up their chats can still be tracked down with a number of tricks, from accessing contacts backups to subtle changes to the encryption key. WhatsApp user-generated metadata — logs describing who is talking to whom and when — is leaked to all agencies in large volumes through the parent company. In addition, you get a set of critical vulnerabilities that replace each other.

WhatsApp has a stable and consistent history, from zero encryption at creation to current vulnerabilities oddly suited for surveillance purposes. Looking back, there has not been a single day in their ten year history when this service was secure. That's why I don't think just updating the WhatsApp mobile app will make it secure. To become a privacy-focused service, WhatsApp must risk losing entire markets and clash with authorities in its own country. They don't seem ready for this.

The founders of WhatsApp left the company last year due to privacy concerns. They are definitely bound either by secret orders or by the NDA, so they cannot publicly discuss backdoors without risking losing their fortune and freedom. However, they were able to admit that they "sold the privacy of their users."

I can understand the reluctance of the WhatsApp founders to provide more details - it's not easy to compromise your comfort. Several years ago, I had to leave my country after refusing to comply with government-sanctioned violations of the privacy of VKontakte users. It was unpleasant. But will I do something like this again? With pleasure. Each of us will die sooner or later, but we, as a species, will stay here for a while. That is why I think that the accumulation of money, fame or power does not matter. Serving humanity is the only thing that really matters in the long run.

And yet, despite our intentions, I feel like we have failed humanity in this whole WhatsApp spy story. Many people can't stop using WhatsApp because their friends and family are still there. This means that we at Telegram have done a poor job of convincing people to switch. Although we have attracted hundreds of millions of users over the past five years, this has not been enough. Most internet users are still held hostage by the Facebook/WhatsApp/Instagram empire. Many of those who use Telegram are also on WhatsApp, meaning their phones are still vulnerable. Even those who have completely given up on WhatsApp are probably using Facebook or Instagram, both of which think it's okay to store your passwords in cleartext (I still can't believe a tech company is capable of doing something like this and quit dry from water).

In nearly six years of its existence, Telegram has not experienced the major data breaches or security flaws that WhatsApp shows every few months. In the same six years, we have disclosed exactly zero bytes of data to third parties, while Facebook/WhatsApp shares any information with almost anyone who claims to work for the government.

Few people outside of the Telegram fan community realize that most of the new messaging features first appear on Telegram and then copied by WhatsApp down to the smallest detail. More recently, we witnessed Facebook's attempt to borrow the entire philosophy of Telegram, with Zuckerberg suddenly stating the importance of privacy and speed, quoting the description of the Telegram app almost word for word in his F8 speech.

But whining about FB's hypocrisy and lack of creativity won't help. We have to admit that Facebook is executing an effective strategy. Look what they've done with Snapchat.

We at Telegram must acknowledge our responsibility in shaping the future. It's either us or the Facebook monopoly. Either freedom and privacy, or greed and hypocrisy. Our team has been competing with Facebook for the past 13 years. We already beat them once, in the Eastern European social media market. We will beat them again in the global messaging market. We should.

It won't be easy. The Facebook marketing department is huge. And we at Telegram do not do marketing. We don't want to pay journalists and researchers to tell the world about Telegram. To do this, we rely on you - our millions of users. If you like Telegram enough, you will tell your friends about it. And if every Telegram user persuades three of their friends to delete WhatsApp and use Telegram permanently, then Telegram will already become more popular than WhatsApp.

Learn more