WhatsApp is one of the most popular messaging apps in the world, with over 2 billion users globally. However, there are ongoing concerns about the privacy and security of the platform.
What is WhatsApp?
WhatsApp is a cross-platform instant messaging app that allows users to send messages, photos, videos, documents and voice messages to other WhatsApp users. It was acquired by Facebook in 2014.
Some key features of WhatsApp include:
- End-to-end encryption for messages and calls
- Group chats with up to 256 participants
- Ability to send documents, locations, contacts etc.
- Voice and video calling
WhatsApp is popular globally thanks to its ease of use, flexibility and the fact that it is free to download and use (excluding data charges). As of early 2020, there were over 2 billion WhatsApp users worldwide.
Does WhatsApp have privacy risks?
There are some concerns about the privacy protections offered by WhatsApp:
Data collection
When you sign up for WhatsApp, you provide your mobile number, which is tied to your account. WhatsApp collects metadata about your account, such as your contacts, profile data, groups, location and more. This data is shared with Facebook (WhatsApp’s parent company) to improve infrastructure and delivery systems, combat spam, and for ads and product experiences across Facebook company products.
Backups on third-party services
WhatsApp encourages users to backup their message history to services like Google Drive and iCloud. However, this means your backed up messages are no longer protected by WhatsApp’s end-to-end encryption. Google and Apple can access and read your messages if required.
Third-party app integrations
WhatsApp allows third-party apps to access your messages and data for additional functionality. However, this means your data is shared with these external services, which may have unclear privacy protections.
Law enforcement access
WhatsApp will provide user data to law enforcement if legally required to do so in criminal investigations. This means your messages could be handed over to police or government authorities if WhatsApp receives a valid legal request.
Does WhatsApp have security risks?
In addition to privacy concerns, security experts have identified some potential security vulnerabilities with WhatsApp:
Encryption limits
While WhatsApp uses end-to-end encryption for messages, this encryption does not extend to all of WhatsApp’s features and functionalities. For example, WhatsApp backups on Google Drive and iCloud are not encrypted. Neither are some metadata elements like contacts and groups.
Security issues in Web/Desktop apps
Historically, WhatsApp’s desktop and web apps have been prone to security flaws that could allow account hijacking or malicious code injection. These apps lack the more rigorous security protections of WhatsApp’s mobile apps.
Fake news spread
WhatsApp has struggled to control the spread of fake news, misinformation and scams on its platform, particularly in India where hoax messages have led to mob lynchings.
Malicious links
Criminals have been known to send malicious links on WhatsApp that can infect phones with malware, steal data or lock devices for ransom.
Spam messages
WhatsApp has become a channel for spammers to send unsolicited commercial messages and advertisements, often from fake accounts.
WhatsApp’s response
In response to criticisms over privacy and security, WhatsApp has emphasized that it protects users in the following ways:
- Messages and calls are end-to-end encrypted by default
- WhatsApp cannot read users’ messages or listen to calls
- Users must opt-in to sharing additional data with Facebook
- There are controls to block users and control profile data visibility
- External third-party apps must be approved by WhatsApp
WhatsApp maintains that despite being owned by Facebook, it operates as a separate service with its own protections in place for user privacy and security.
Independent security audits
While WhatsApp says its service is secure, independent security researchers have identified vulnerabilities in the past. However, WhatsApp employs on-going security testing and bug bounty programs to identify and resolve potential exploits.
In 2020, WhatsApp completed an independent security audit by Protego Labs. The audit found no major flaws and concluded Protego Labs “continued to be impressed by the privacy and security measures” implemented by WhatsApp.
Tips to enhance WhatsApp privacy
If you’re concerned about privacy on WhatsApp, here are some tips to enhance your privacy settings and controls:
- Don’t back up your messages to a third-party cloud service
- Be cautious of linking WhatsApp to third-party apps
- Use two-factor authentication and a PIN code for extra security
- Frequently review and limit the visibility of your profile data
- Be wary of opening suspicious links or attachments
- Enable security notifications to stay informed of login attempts
Alternatives to WhatsApp
If you want a messaging app that prioritizes privacy and security, some alternative options include:
App | Privacy/Security Features |
---|---|
Signal | End-to-end encryption; minimal data collection |
Telegram | Encryption available for chats; secure chat options |
Threema | End-to-end encryption; anonymous IDs; zero data mining |
Wire | End-to-end encryption; ephemeral messages; perfect forward secrecy |
Conclusion
WhatsApp has faced ongoing criticism over its privacy policies and security track record. While WhatsApp says it protects user privacy and security, independent researchers continue to challenge those assertions by identifying vulnerabilities.
Ultimately, WhatsApp has more access to user data than some competitors. There are also risks associated with backups, third-party apps, fake news spread and malicious links. Users concerned about privacy may want to enable security options like two-factor authentication, be cautious of linking third-party apps, or consider alternative apps like Signal or Threema.
WhatsApp remains a convenient messaging app for most scenarios. But users uncomfortable with WhatsApp’s data sharing policies may find other privacy-focused options provide greater peace of mind.