WhatsApp: Android Security Flaws 'Exaggerated'
By Pavithra Rathinavel | March 14, 2014 4:01 PM EST
WhatsApp has been criticized earlier this week for a published finding by Bas Bosschert, a tech consultant, saying hackers can access your chat history from the micro SD card of your Android phone. Click here, to read our detailed post on Bosschert's findings.
WhatsApp released a statement explaining the findings are inaccurate and overstated. TechCrunch posted the full statement from WhatsApp, take a look:
"We are aware of the reports regarding a "security flaw". Unfortunately, these reports have not painted an accurate picture and are overstated. Under normal circumstances the data on a micro SD card is not exposed. However, if a device owner downloads malware or a virus; their phone will be at risk. As always, we recommend WhatsApp users apply all software updates to ensure they have the latest security fixes and we strongly encourage users to only download trusted software from reputable companies. The current version of WhatsApp in Google Play was updated to further protect our users against malicious apps."
From the statement, one can say WhatsApp is shifting the focus on the problem from being about its own app, instead pinpoints that a phone could be at risk if one downloads malware from App Stores, which might potentially expose data stored on the micro SD card.
This brings the spotlight toward Android in general. This OS has proven to be an attracter for malware.
According to TechCrunch, 98 percent of all mobile malwares released in 2013 aimed at Android platform. The following comes from Kaspersky, "confirming both the popularity of this mobile OS and the vulnerability of its architecture."
Currently, there is no specific detail from Facebook as to exactly what "update" was made to WhatsApp to protect the users from potential security breaches. But Bosschert has confirmed the method he detailed in his blog still works with the latest app version.
Should the smartphone users be wary of such things or should companies that provide access to malicious apps must take necessary action?
To contact the editor, e-mail: