WhatsApp: Security Flaw Claims Are 'Overstated'


Reports circulated this week about how a major security flaw spotted in the popular messaging platform WhatsApp could make it possible for others to access your private chats. The company - which was recently acquired by Facebook for $16 billion - said the reports are "overstated" and haven't "painted an accurate picture."


According to security consultant Bas Bosschert (after posts first surfaced on the Hacker News message forum), other Android apps downloaded to the same phone can read and steal your private WhatsApp chats. This is due to an alleged issue within WhatsApp's backup functionality.



WhatsApp said users will only be at a security risk if they download a malicious app or come across a virus.


"Under normal circumstances the data on a microSD card is not exposed," WhatsApp said in a statement to Mashable. "However, if a device owner downloads malware or a virus, their phone will be at risk. As always, we recommend WhatsApp users apply all software updates to ensure they have the latest security fixes and we strongly encourage users to only download trusted software from reputable companies."


WhatsApp highlights that phones in general are at risk when they come across malicious apps and the issue isn't specific to its own service.


Earlier this week, Bosschert detailed on his website how the app's built-in backup mechanism works. The mechanism exists so that messages are not lost when the app is uninstalled and reinstalled or moved to a new device. According to Bosschert, WhatsApp encrypts every user's backup with the same encryption key instead of creating a unique key for each user.


The WhatsApp database is saved on your phone's microSD memory card, which can be read by any Android app if a user gives it access to do so. Requesting SD card access is common practice in the app space (any app that wants to store non-sensitive data there would ask for it), so if an app asks for SD card access, many users, in theory, would grant it.
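To make the design point concrete, the sketch below contrasts one app-wide backup key with a key derived per install. It is an added example, not WhatsApp's or Bosschert's code. The names `per_install_key`, `seal` and `unseal`, the sample data, and the HMAC-based stream that stands in for AES are all assumptions made for illustration.

```python
import hashlib, hmac, os

def hkdf(ikm: bytes, salt: bytes, info: bytes, n: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869) extract-then-expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, i = b"", b"", 1
    while len(okm) < n:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm, i = okm + block, i + 1
    return okm[:n]

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for AES, for illustration only.
    blocks = (hmac.new(key, nonce + c.to_bytes(8, "big"), hashlib.sha256).digest()
              for c in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ek, mk = hkdf(key, b"", b"enc"), hkdf(key, b"", b"mac")
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(ek, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    ek, mk = hkdf(key, b"", b"enc"), hkdf(key, b"", b"mac")
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(ek, nonce, len(ct))))

def per_install_key(install_secret: bytes, account_id: bytes) -> bytes:
    # Assumption: install_secret is random and kept in app-private storage, not on the SD card.
    return hkdf(install_secret, account_id, b"backup-v1")

def demo():
    shared = hashlib.sha256(b"constructed app-wide constant").digest()  # same in every install
    shared_blob = seal(shared, b"constructed chat history")
    # Every copy of the app carries the same constant, so reading the file is enough:
    read_with_shared = unseal(shared, shared_blob)
    owner_key = per_install_key(os.urandom(32), b"user-a")   # constructed account ids
    other_key = per_install_key(os.urandom(32), b"user-b")
    blob = seal(owner_key, b"constructed chat history")
    return read_with_shared, unseal(other_key, blob), unseal(owner_key, blob)

if __name__ == "__main__":
    print(demo())
```

With a per-install key, read access to the backup file on the SD card no longer yields the plaintext; the protection then depends on where the install secret is stored.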


WhatsApp recently released the latest version of the app in Google Play "to further protect our users against malicious apps."


Best regards, Itbaba Group