WhatsApp: A Pivotal Flaw Could Expose Your Chat History
By Pavithra Rathinavel | March 12, 2014 6:04 PM EST
WhatsApp users should be wary when downloading Android apps, according to a Consultant from Netherlands.
According to Business Insider, if you don't pay close attention to an app's permissions before downloading and installing, your WhatsApp chat history might land in the hands of a hacker.
The application features push notifications to get messages instantly messages from friends, colleagues and family. Switch from SMS to exchange messages, pictures, audio notes and video messages with WhatsApp users for free.
Bas Bosschert, a Consultant, system admin and entrepreneur (as described in his blog), has more than 10 years of experience working with Linux and Unix. He noted how developers can deceive WhatsApp users into awarding access to their entire message history.
WhatsApp backs up messages (chat history) in your phone's SD card, so apps can easily access this information if granted permission to do so. This data can then be transferred to the developer/hacker's personal Web server.
His blog post elaborated how to create such apps. It also held a couple of screenshots to clarify the questions and doubts. He alleged anyone using his code (as described in his screenshots) on an Android game/app should extract WhatsApp user's chat history.
The user will not know that his data is being extracted. He can only see a loading screen when the game is started.
From the time Facebook acquired WhatsApp, we have been hearing more news pertaining to the security of WhatsApp messages. In the previous month, there was a WhatsApp outage, where users could not log into the application for hours. Later, WhatsApp cited a Network Issue as the reason for the cited outage.
Thijs Alkemade, a student at Utrecht University in the Netherlands said, WhatsApps' incoming and outgoing messages were encrypted with the "same key." This means if an attacker intercepts these messages, he or she can analyze them to cancel out the key and recover the plain text, according to Business Insider.
The easiest way to avoid any security violation is by asserting an app's source and paying close attention to the app's permissions and policies before downloading and installing.
To contact the editor, e-mail: