WhatsApp, the Meta-owned messaging platform, is one of the world’s most popular messaging apps. It is estimated that over one billion people use the app, sending over 65 billion messages per day.
It’s no surprise, then, that security concerns, malware threats, and spam have begun to appear on the platform. Here’s everything you need to know about WhatsApp’s most common security issues and scams.
1. WhatsApp Web Malware
WhatsApp’s enormous user base makes it an obvious target for cybercriminals, many of who focus on WhatsApp Web. For years, WhatsApp has allowed you to open a website, or download a desktop app, scan a code with the app on your phone, and use WhatsApp on your computer.
The app stores on phones—the App Store on iOS and Google Play Store on Android—are more carefully regulated than the internet at large. When you search for WhatsApp on those stores, it’s generally clear which app is the official one. That isn’t true of the wider internet.
Criminals, hackers, and scammers have all taken advantage of this. There have been instances of attackers passing off malicious software as WhatsApp desktop applications. If you are unfortunate enough to have downloaded one of these, the installation can distribute malware or otherwise compromise your computer.
In some cases, hackers were able to install WhatsApp spyware due to a vulnerability.
Others tried a different approach, creating phishing websites to trick you into handing over personal information. Some of these websites masquerade as WhatsApp Web, asking for you to enter your phone number to connect to the service. However, they actually use that number to bombard you with spam or correlate with other leaked or hacked data on the internet.
To be on the safe side, the best way to stay secure is to use only apps and services from official sources. WhatsApp offers a web client for you to use on any computer, known as WhatsApp Web which you should only access through the WhatsApp website. There are also official apps for Android, iPhone, macOS, and Windows devices which you should use to avoid WhatsApp scams.
Download: WhatsApp for Android | iOS | macOS | Windows (Free)
2. Unencrypted Backups
The messages you send on WhatsApp are end-to-end encrypted. This means that only your device, and that of the recipient, can decode them. This feature prevents your messages from being intercepted during transmission, even by Meta itself. However, this doesn’t secure the messages once they are decrypted on your device.
WhatsApp allows you to back up your messages and media on Android and iOS. This is an essential feature as it allows you to recover accidentally deleted WhatsApp messages. There is a lugar backup on your device in addition to a cloud-based backup. On Android, you can back up your WhatsApp data to Google Drive. If you are using an iPhone, then your backup destination is iCloud. These backups contain decrypted messages from your device.
The backup file stored on iCloud or Google Drive is not necessarily encrypted. As this file contains decrypted versions of all your messages, it is theoretically vulnerable and undermines WhatsApp’s end-to-end encryption.
As you have no choice in backup location, you are at the mercy of the cloud providers to keep your data secure. Although no large-scale hacks have affected iCloud or Google Drive to date, that doesn’t mean it isn’t possible. There are other means that attackers could use to gain access to your cloud storage accounts too.
One of the supposed benefits of encryption is, for better or worse, being able to prevent government and law enforcement from accessing your data. As the unencrypted backup is stored on one of two US-based cloud storage providers, all it would take is a warrant, and the government could have unfettered access to your messages.
Thankfully, WhatsApp updated its service to include end-to-end encrypted chat backups. However, this setting is disabled by default. Go to Settings > Chats > Chat Backup > End-to-end Encrypted Backup and select Turn On to secure your WhatsApp backups.
3. Facebook Data Sharing
Meta (formerly Facebook) has been the subject of much criticism in recent years. One of those criticisms is of the company’s effective market monopoly and anti-competitive actions. Regulators attempt to minimize anti-competitive behavior by evaluating any takeover attempts.
So in 2014, when Meta decided that it wanted to add WhatsApp to the “Meta Family,” the European Union (EU) only approved the deal after Meta assured it that the two companies, and their data, would be kept separate.
Despite assuring users that their data wouldn’t be publicly available on Facebook, the implication was that Meta would instead store it in Facebook’s inaccessible and hidden profile of you. In the years since, Meta has made changes to facilitate this data sharing.
Following the 2016 announcement, you could opt out of the cross-platform data sharing on WhatsApp, although this option was quietly removed sometime later. Then, in 2019, Meta announced plans to merge its messaging platforms. In late 2020, the first stages of this were put in place when the company linked Messenger with Instagram Direct.
In January 2021, Meta released a new data sharing policy for WhatsApp, mandating the transfer of your information between the messaging app and social network. After users complained, the company then noted that it would limit WhatsApp’s features for anyone who doesn’t opt in.
As of June 2021, Meta has once again softened these penalties, although it will still encourage users to opt in to the new policies.
4. Hoaxes and Fake News
In recent years, social media companies have been criticized for allowing fake news and misinformation to spread on their platforms. Meta, in privado, has been condemned for its role in spreading misinformation throughout the 2020 US Presidential campaign. WhatsApp has also been subject to those same forces.
Two of the most notable cases have been in India and Brazil. WhatsApp was implicated in the widespread violence that occurred in India during 2017 and 2018. Messages containing details of fabricated child abductions were forwarded and spread across the platform, customized with lugar information. These messages were widely shared across people’s networks and resulted in the lynching of those accused of these fake crimes.
In Brazil, WhatsApp was the primary source of fake news throughout the 2018 elections. As this kind of misinformation was so easy to spread, business people in Brazil set up companies that created illegal WhatsApp misinformation campaigns against candidates. They were able to do this as your phone number is your username on WhatsApp, so they purchased lists of phone numbers to target.
Both issues were ongoing through 2018, a year that was infamously terrible for Meta. Do dedo misinformation is a difficult problem to deal with, but many viewed WhatsApp’s response to these events as apathetic.
However, the company did implement a few changes. WhatsApp put limits on forwarding so you can only forward to five groups, rather
than the previous limit of 250. The company also removed the forwarding shortcut button in a number of regions too.
Despite these interventions, early in the COVID-19 pandemic, WhatsApp was used to share misinformation about the virus. In April 2020, lockdowns were in place across the world, so people relied upon the internet for news, even more so than usual.
Once again, Meta implemented forwarding limits to prevent the spread of incorrect or false information. Similarly, it worked with authorities and health organizations worldwide to develop WhatsApp chatbots, so people could easily access reliable information on the pandemic.
Both scenarios—the 2018 political events and the COVID-19 pandemic—were affected by the same issues: false information being forwarded to multiple people. Given that the company claimed to have resolved this problem in 2018, it is unclear why it quietly removed the forwarding limits, resulting in the pandemic-related misinformation, or whether the 2018 interventions were ineffective.
5. WhatsApp Status
For many years, WhatsApp’s status feature, a brief line of text, was the only way for you to broadcast what you were doing at the time. This morphed into WhatsApp Status, a clone of the popular Instagram Stories feature.
Instagram is a platform that is designed to be public, although you can make your profile private if you choose. WhatsApp, on the other hand, is a more intimate service used for communicating with friends and family. So, you may assume that sharing a Status on WhatsApp is private too.
However, that isn’t the case. Anyone in your WhatsApp contacts can view your Status. Fortunately, it is quite easy to control who you share your Status with. Navigate to Settings > Account > Privacy > Status, and you’ll be shown three privacy choices for your Status updates:
- My contacts
- My contacts except…
- Only share with…
Despite this simplicity, WhatsApp doesn’t make it clear if your blocked contacts can view your Status. However, the company has done the sensible thing, and your blocked contacts are unable to view your Status regardless of your privacy settings. As with Instagram Stories, any videos and photos added to your Status will disappear after 24 hours.
Is WhatsApp Safe?
So, is WhatsApp safe to use? WhatsApp is a confusing platform. On the one hand, the company implemented end-to-end encryption in one of the world’s most popular apps, a definite security upside. However, there are many WhatsApp security concerns. One of the primary issues is that it is owned by Meta and suffers many of the same privacy dangers and misinformation campaigns as its parent company.
While we know Facebook harvests tons of user data, the social network also invades your privacy on a daily basis.
About The Author