WhatsApp Violates Privacy Law Over Phone Contacts: Report
By Vijaykumar Meti | January 29, 2013 10:35 PM EST
The popular mobile messaging app, WhatsApp seems to violate the Canadian and Dutch privacy laws by forcing many of its users to provide access to their entire address book.
The application allows users to send billions of text messages to their contacts over the internet without incurring SMS charges. It is the third-most popular paid app in the iTunes store, which sells for 99 cents and surpassed 100 million downloads on Google Play last year. It is available for free on Android and BlackBerry, while users are charged 99 cents per year for subscription after the first year of free usage.
The Office of the Privacy Commissioner of Canada (OPC) and the Dutch Data Protection Authority (College bescherming persoonsgegevens, (CBP)) has released their findings from a collaborative investigation into the handling of personal information by WhatsApp Inc., the California-based mobile app developer.
"Our Office is very proud to mark an important world-first along with our Dutch counterparts, especially in light of today's increasingly online, mobile and borderless world," said Jennifer Stoddart, Privacy Commissioner of Canada. "Our investigation has led to WhatsApp making and committing to make further changes in order to better protect users' personal information."
The investigation revealed that WhatsApp allows Apple iPhone (iOS 6) users to add contacts manually instead of uploading their address book, whereas BlackBerry, Android, Windows users do not have the option to add contacts manually.
"The address book contains phone numbers of both users and non-users. This lack of choice contravenes (Dutch and Canadian) privacy law. Both users and non-users should have control over their personal data and users must be able to freely decide what contact details they wish to share with WhatsApp" said Jacob Kohnstamm, Chairman of the Dutch Data Protection Authority.
In addition to address book issue, the investigation also found many other privacy contraventions.
Messages sent using the app were unencrypted, leaving them prone to eavesdropping or interception, especially when messages were sent through unprotected Wi-Fi networks. In response to the investigation, the app introduced encryption in September 2012.
Over the course of the investigation, it was found that WhatsApp was generating passwords for message exchanges using device information that could be relatively easily exposed. This created the risk that a third-party may send and receive message in the name of users without their knowledge.
In response to the investigation findings, WhatsApp has committed to make changes in protecting users' privacy and also facilitate the manual addition of contacts, but is yet to announce a timeframe for enabling the changes.
To report problems or to leave feedback about this article, e-mail:
To contact the editor, e-mail: