WhatsApp , the messaging platform owned by Facebook, is one of the most popular messaging apps in the world. It is estimated that more than one billion people use the app and send more than 65 billion messages a day. It’s no wonder then that security issues, malware threats, and spam have started to appear. Here you will find everything you need to know about WhatsApp security threats.
1. WhatsApp web malware
WhatsApp’s huge user base makes it an obvious target for cybercriminals, many of whom target WhatsApp Web. For years, WhatsApp has allowed you to open a website or download a desktop application, scan a code with the application on your mobile, and use WhatsApp on your computer.
The app store on your phone, the App Store on iOS and Google Play on Android, are regulated more carefully than the Internet in general. When you search for WhatsApp in those stores, it is usually clear which application is the official one. That is not true for the Internet in general.
Criminals, hackers and scammers have taken advantage of this. There have been cases of attackers masquerading as malicious software such as WhatsApp desktop applications. If you are unlucky enough to have downloaded one of these, the installation may distribute malware or put your computer at risk.
In some cases, hackers were able to install WhatsApp spyware due to a vulnerability.
Other WhatsApp threats take a different approach, creating phishing websites to trick you into giving up personal information. Some of these website’s masquerade as WhatsApp Web and ask you to enter your phone number to connect to the service. However, they actually use that number to bombard you with spam or correlate it with other leaked or hacked data on the internet.
To be safe, the best way to stay safe is to only use apps and services from official sources. WhatsApp offers a web client for you to use on any computer, known as WhatsApp Web. There are also official apps for Android, iPhone, macOS, and Windows devices.
2. Unencrypted backups
The messages you send on WhatsApp are end-to-end encrypted. This means that only your phone and the recipient’s phone can decode them. The feature prevents your messages from being intercepted during transmission, even by Facebook themselves. However, this does not protect them once they are decrypted on your mobile.
WhatsApp allows you to back up your messages and media on Android and iOS. This is an essential feature as it allows you to recover accidentally deleted WhatsApp messages. There is a local backup on your mobile as well as a cloud-based backup. On Android, you can back up your WhatsApp data to Google Drive.
The backup file stored in Google Drive not encrypted. As this file contains decrypted versions of all your messages, it is theoretically vulnerable and undermines WhatsApp’s end-to-end encryption.
Since you have no other choice in the backup location, you are at the mercy of cloud providers to keep your data safe. Although no large-scale hacks have affected Google Drive to date, that doesn’t mean they aren’t WhatsApp threats.
3. Share data on Facebook
Facebook has come under a lot of criticism in recent years. One such criticism is Facebook’s effective market monopoly and anti-competitive actions. Regulators try to minimize anti-competitive behaviour by evaluating any acquisition attempt.
They also stated that none of your information would be publicly visible on Facebook, implying that it would instead be hidden on your inaccessible Facebook profile. Following the reaction to this announcement, WhatsApp allowed users to opt out of this data sharing agreement. However, in the intervening years, they quietly eliminated this option.
4. Hoaxes and fake news
In recent years, social media companies have come under fire for allowing fake news and misinformation to spread on their platforms. Facebook, in particular, has been condemned for its role in spreading misinformation during the 2016 US presidential campaign. WhatsApp has also been subject to those same forces, being one of WhatsApp’s main threats to users.
Two of the most notable cases have occurred in India and Brazil. WhatsApp implicated in the widespread violence that occurred in India during 2017 and 2018. Messages containing fabricated child abduction details forwarded and disseminated on the platform, personalized with local information. These messages were widely shared on people’s networks and resulted in the lynching of those accused of these bogus crimes.
In Brazil, WhatsApp was the main source of fake news during the 2018 elections. Because this type of misinformation was so easy to spread, businessmen in Brazil established companies that created illegal WhatsApp misinformation campaigns against candidates. They were able to do this since their phone number is their username on WhatsApp, so they bought lists of phone numbers to target.
Both problems continued into 2018, a year that was infamously terrible for Facebook. Digital disinformation is a difficult problem to tackle, but many viewed WhatsApp’s response to these events as apathetic.
However, the company implemented some changes. WhatsApp put limits on forwarding, so you can only forward to five groups, instead of the previous limit of 250. The company also removed the forwarding shortcut button in various regions.
Despite these interventions, at the beginning of the COVID-19 pandemic, WhatsApp used to share misinformation about the virus. In April 2020, blackouts set around the world, so people were relying on the internet for news, even more than usual.
Once again, Facebook implemented forwarding limits to prevent the spread of incorrect or false information. Similarly, they worked with health authorities and organizations around the world to develop WhatsApp chatbots so that people could easily access reliable information about the pandemic.
Both scenarios, the political events of 2018 and the COVID-19 pandemic, affected by the same problems; false information that sent to multiple people. Since the company claimed to have resolved this issue in 2018, it is unclear whether they quietly removed forwarding limits, resulting in pandemic-related misinformation, or whether the 2018 interventions were ineffective.
5. WhatsApp status
For many years, WhatsApp’s status feature – a short line of text – was the only way to convey what you were doing at the time. This morphed into WhatsApp Status, a clone of the popular Instagram Stories feature.
Instagram is a platform that designed to be public, although you can make your profile private if you wish. Whats App, on the other hand, is a more intimate service, used to communicate with friends and family. Therefore, you can assume that sharing a status on WhatsApp is also private.
However, that is not the case. Anyone in your Whats App contacts can see your status. Fortunately, it is quite easy to control who you share your status with.
Go to Settings> Account> Privacy> Status and you will be shown three privacy options for your status updates:
- My contacts
- My contacts except
- Share only with
Despite this simplicity, WhatsApp doesn’t make it clear whether your blocked contacts can see your status. However, the company has done the sensible thing and your blocked contacts cannot see your status regardless of your privacy settings. As with Instagram Stories, all videos and photos added to your status will disappear after 24 hours.
Is WhatsApp safe?
So, is it safe to use WhatsApp? It is a confusing platform. On the one hand, the company implemented end-to-end encryption in one of the most popular applications in the world; a definite safety advantage.
However, there are many WhatsApp security threats. One of the main problems is that it is owned by Facebook and suffers from many of the same privacy dangers and disinformation campaigns as its parent company.