Reception and criticism of WhatsApp security and privacy features

This article provides a detailed chronological account of the historical reception and criticism of security and privacy features in the WhatsApp messaging service.

2011

On May 20, 2011, an unidentified security researcher from the Netherlands under the pseudonym "WhatsappHack" published a method to hijack WhatsApp accounts using a flaw in the authentication process, to the Dutch websites Tweakers.net and GeenStijl. The method involved trying to log in to a person's account from another phone number and intercepting the verification text message that would be sent out. "WhatsappHack" provided methods to accomplish this on both Symbian and Android operating systems. One day after the publication of the articles, WhatsApp issued a patch to both the Android and Symbian clients. [36] [37] [38]

In May 2011, another security hole was reported which left communication through WhatsApp susceptible to packet analysis. WhatsApp communications data was sent and received in plaintext, meaning messages could easily be read if packet traces were available. [39]

2012

In May 2012, security researchers noticed that new updates of WhatsApp sent messages with encryption, [40] [41] [42] but described the cryptographic method used as "broken." [43] [44] In August of the same year, the WhatsApp support staff stated that messages sent in the "latest version" of the WhatsApp software for iOS and Android (but not BlackBerry, Windows Phone, and Symbian) were encrypted, but did not specify the cryptographic method. [45]

On January 6, 2012, an unknown hacker published a website that made it possible to change the status of any WhatsApp user, so long as the phone number associated with the user's account was known. On January 9, WhatsApp reported that it had resolved the problem. In reality, WhatsApp's solution had been to block the website's IP address, which had allowed a Windows tool to be made that could accomplish the same thing. This problem has since been resolved by the institution of an IP address check on currently logged-in sessions. [46] [47]

On September 14, 2012, Heise Security demonstrated how to use WhatsAPI to hijack any WhatsApp account. [48] Shortly afterward, WhatsApp threatened to initiate legal action against the developers of WhatsAPI, an open source project, and WhatsAPI temporarily took down their source code. [49] This, however, did not address the underlying security failure and Heise Security claimed they had been able to successfully repeat the hacking of WhatsApp accounts. The WhatsAPI team has since resumed active development. [50]

2013–2015

On March 31, 2013, the Saudi Arabia Communications and Information Technology Commission (CITC) issued a statement that mentioned possible measures against WhatsApp, among other applications, unless the service providers took serious steps to comply with monitoring and privacy regulations. [51]

In February 2014, the Schleswig-Holstein Data Protection Authority advised against using WhatsApp, as the service lacked privacy protection such as end-to-end client-side encryption technology. [52] In late 2014, WhatsApp began its implementation of end-to-end encryption, which it finished in April 2016. [29]

A joint Canadian-Dutch government investigation was launched into several concerns over WhatsApp's compliance with security regulations. The primary concern of the investigators was that WhatsApp required users to upload their mobile phone's entire address book, including contact information for contacts who were not using WhatsApp, to be mirrored on WhatsApp's servers. While WhatsApp stored these phone numbers in hashed form, the hashes were not salted. [53] [54] [55] [56] In late 2015, the Dutch government released a press statement claiming that WhatsApp had changed its hashing method, making it much harder to reverse, and thus subsequently complied with all rules and regulations. [57]

On December 1, 2014, Indrajeet Bhuyan and Saurav Kar demonstrated the WhatsApp Message Handler vulnerability, which allows anyone to remotely crash WhatsApp just by sending a specially crafted 2 kilobyte message. A user who receives the message must delete the whole conversation to avoid crashing WhatsApp upon opening the conversation. [58] In early 2015, after WhatsApp launched a web client that can be used from the browser, Bhuyan found that the client had two new security issues: the WhatsApp photo privacy bug and the WhatsApp web photo sync bug. [59] [60]

2016

On March 2, 2016, WhatsApp introduced a document-sharing feature that allows users to share PDF files with contacts. [61] WhatsApp received criticism, however, about the default setting to automatically download attachments, which raised concerns about the downloading of malware and malicious files once the feature expands to include more than just PDFs. [62]

In August 2016, WhatsApp announced that it would start sharing account information, such as the phone number of the account owner and aggregated analytical data, with Facebook. WhatsApp claimed that the address books, message content, and metadata of users would not be shared. According to WhatsApp, this account information is shared to "track basic metrics about how often people use our services and better fight spam on WhatsApp. And by connecting your phone number with Facebook's systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them." It was further stated that "User data will not be shared with advertisers, and is only used internally on the Facebook services," and that users would be given the choice to opt out of sharing this data with Facebook for advertisement purposes. [63] [64] [65]

In October 2016, the Article 29 Working Party stated that it has serious concerns regarding the way that the information relating to the updated Terms of Service and Privacy Policy was provided to users, and, consequently, about the validity of the users’ consent. [66]

As of the latest client released on April 5, 2016, end-to-end encryption is supported for all of a user's communications, including file transfers and voice calls. It uses Curve25519 for key exchange, HKDF for generation of session keys (AES-256 in CBC mode for encryption and HMAC-SHA256 for integrity verification), and SHA512 for generating the two 30-digit fingerprints of both users' identity keys so that users can verify encryption. The encryption prevents even the company from being able to decrypt users' communications. This update was received well by security professionals and privacy enthusiasts, and the move was praised by Amnesty International. The US Federal Bureau of Investigation criticized the update as threatening the work of law enforcement. [67]
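
The fingerprint check described above, as an added example that is not part of the original article and is not WhatsApp's code. It sketches an iterated SHA-512 numeric fingerprint and shows that a substituted identity key changes the digits the two users compare. The iteration count, input layout, digit encoding, sample keys and phone numbers are assumptions or constructed values.

```python
import hashlib

# Assumptions of this example (not stated on the page): iteration count,
# a 2-byte version prefix, and 5-digit groups taken from 5-byte chunks.
ITERATIONS = 5200
VERSION = (0).to_bytes(2, "big")

# Constructed 32-byte stand-ins for Curve25519 identity public keys.
ALICE_KEY = hashlib.sha256(b"constructed alice identity key").digest()
BOB_KEY = hashlib.sha256(b"constructed bob identity key").digest()
SUBSTITUTED_KEY = hashlib.sha256(b"constructed substituted key").digest()
ALICE_ID = "+15550100"  # constructed identifiers
BOB_ID = "+15550101"


def fingerprint(identity_key: bytes, user_id: str,
                iterations: int = ITERATIONS) -> str:
    """Derive a 30-digit fingerprint from one user's identity key."""
    if len(identity_key) != 32:
        raise ValueError("expected a 32-byte identity public key")
    digest = VERSION + identity_key + user_id.encode("utf-8")
    # Iterating the hash makes searching for a colliding key more expensive.
    for _ in range(iterations):
        digest = hashlib.sha512(digest + identity_key).digest()
    groups = []
    for offset in range(0, 30, 5):
        chunk = int.from_bytes(digest[offset:offset + 5], "big")
        groups.append(f"{chunk % 100000:05d}")
    return "".join(groups)


def safety_number(key_a: bytes, id_a: str, key_b: bytes, id_b: str) -> str:
    """Combine both 30-digit fingerprints into one 60-digit number.

    Sorting makes the result independent of which side computes it.
    """
    parts = sorted([fingerprint(key_a, id_a), fingerprint(key_b, id_b)])
    return "".join(parts)


def format_groups(number: str) -> str:
    """Render digits in groups of five for side-by-side comparison."""
    return " ".join(number[i:i + 5] for i in range(0, len(number), 5))


def demo() -> dict:
    # Both users hold the genuine keys: the numbers they compare agree.
    alice_view = safety_number(ALICE_KEY, ALICE_ID, BOB_KEY, BOB_ID)
    bob_view = safety_number(BOB_KEY, BOB_ID, ALICE_KEY, ALICE_ID)
    # Alice was handed a different key for Bob: her number no longer
    # matches what Bob's device shows, so the comparison fails.
    alice_view_sub = safety_number(ALICE_KEY, ALICE_ID,
                                   SUBSTITUTED_KEY, BOB_ID)
    return {
        "alice": format_groups(alice_view),
        "bob": format_groups(bob_view),
        "honest_match": alice_view == bob_view,
        "substitution_detected": alice_view_sub != bob_view,
    }


if __name__ == "__main__":
    result = demo()
    print("Alice sees:", result["alice"])
    print("Bob sees:  ", result["bob"])
    print("Match with genuine keys:", result["honest_match"])
    print("Substituted key detected:", result["substitution_detected"])
```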

In 2016, WhatsApp received a score of 6 out of 7 points on the Electronic Frontier Foundation's "Secure Messaging Scorecard". It has received points for having communications encrypted in transit, having communications encrypted with keys the provider doesn't have access to, allowing users to verify contacts' identities, having past messages secure if the encryption keys are stolen, having completed a recent independent security audit, and having the security designs properly documented. The missing seventh point is for the code not being open to independent review. [68]

2017

On January 15, 2017, a research team from Ruhr University Bochum published a security analysis of group messaging protocols in WhatsApp and other messaging services that found a privacy concern in that WhatsApp's servers effectively control the membership in groups. The report found that it would therefore be possible to add arbitrary phone numbers to a group chat such that future communication becomes insecure. [69]

In October 2017, the German software company Open-Xchange criticized WhatsApp, among others, for using proprietary software and stated plans to create an open-source alternative. [70]

The Guardian Incident

On January 13, 2017, The Guardian reported that security researcher Tobias Boelter had found WhatsApp's policy of forcing re-encryption of initially undelivered messages, without informing the recipient, to constitute a loophole whereby WhatsApp could disclose the content of these messages. [71]

WhatsApp and Open Whisper Systems officials disagreed with this assessment. [72] [73]

After complaints from 73 security researchers, The Guardian substantially revised and corrected their articles, and a follow-up article from Boelter was removed. [74] In June 2017, The Guardian readers’ editor Paul Chadwick wrote that "The Guardian was wrong to report in January that the popular messaging service WhatsApp had a security flaw so serious that it was a huge threat to freedom of speech." [75] [76]

"In a detailed review I found that misinterpretations, mistakes and misunderstandings happened at several stages of the reporting and editing process. Cumulatively they produced an article that overstated its case."

Paul Chadwick, The Guardian [76]

Chadwick also noted that since the Guardian article, WhatsApp has been "better secured by the introduction of optional two-factor verification in February." [76]

2019

In May 2019, it was revealed that there was a security vulnerability in WhatsApp, allowing a remote person to install spyware just by making a call, which did not even need to be answered. [77] Later, in June 2019, another vulnerability was revealed, allowing a user to transform an audio call into a video call without the victim's consent and without the victim noticing. A bug bounty of US$5000 was offered for this bug. [78]

In June 2019, WhatsApp announced that it would take legal action against users who send a disproportionately high number of messages using their communication platform. The company reiterated that its platform was meant for private messaging or for businesses to interact with their customers through their business app. In a notification on their website the company stated "Beginning on December 7, 2019, WhatsApp will take legal action against those we determine are engaged in or assisting others in abuse that violates our terms of service, such as automated or bulk messaging". [79]

In September 2019, WhatsApp was criticized for its implementation of a 'delete for everyone' feature. iOS users can elect to save media to their camera roll automatically. When a user deletes media for everyone, WhatsApp does not delete images saved in the iOS camera roll and so those users are able to keep the images. WhatsApp released a statement saying that "the feature is working properly," and that images stored in the camera roll cannot be deleted due to Apple's security layers. [80]

In November 2019, WhatsApp released a new privacy feature that lets users decide who can add them to groups. [81]

In December 2019, WhatsApp confirmed a security flaw that would allow hackers to use a malicious GIF image file to gain access to the recipient's data. The flaw was first reported by a user named Awakened on GitHub with an explanation of how the exploit worked. When the recipient opened the gallery within WhatsApp, even without sending the malicious image, the hack was triggered and the device and its contents became vulnerable. The flaw was patched and users were encouraged to update WhatsApp. [82] [83] [84]

On December 17, 2019, WhatsApp fixed a security flaw that allowed cyber attackers to repeatedly crash the messaging application for all members of a group chat, which could only be fixed by forcing the complete uninstall and reinstall of the app. [85] The bug was discovered by Check Point in August 2019 and reported to WhatsApp. It was fixed in version 2.19.246 onwards. [86] [87]

2020

In April 2020, WhatsApp sued the NSO Group for allegedly using the spyware it produces to hack at least 1,400 WhatsApp users. NSO Group responded by claiming that it is not responsible for, nor can it control, how its clients use its software. According to research by Citizen Lab, countries which may have used the software to hack WhatsApp include Saudi Arabia, Bahrain, Kazakhstan, Morocco, Mexico and the United Arab Emirates. [88]

On 16 December 2020, as part of an anti-trust case against Google, a complaint was made that WhatsApp gave Google access to private messages. The complaint was heavily redacted due to being part of an ongoing case, and therefore it cannot be determined if the claim alleges tampering with the app's end-to-end encryption, or Google accessing user backups. [89]

2021

In January 2021, WhatsApp announced an update to its Privacy Policy which states that WhatsApp would collect the metadata of users and share it with Facebook and its "family of companies" starting in February 2021. [90] Previously, users could opt-out of such data sharing, but this will no longer be an option. The new policy will not fully apply within the EU, in order to comply with the GDPR. [91] The new policy will not allow WhatsApp to see or send messages, which are still end-to-end encrypted, but it will allow Facebook to see data such as what phone and operating system a user has, the user's time zone, IP address, profile picture, status, phone number, app usage, and all of the contacts which are stored in WhatsApp. [92]

This move has drawn intense criticism for Facebook and WhatsApp, with critics claiming that it erodes the users' privacy. [93]

Facing pushback and lack of clarity about Facebook data sharing, WhatsApp postponed the implementation of the updated privacy policy from February 8, 2021, to May 15, 2021, [94] [95] [96] but announced they have no plans to limit the functionality of the app for those who don't approve the new terms or to give them persistent reminders to do so. [97]

ProPublica investigation

In September 2021, ProPublica published an extensive investigation into WhatsApp's use of outside contractors and artificial intelligence systems to examine user communication, and its collaboration with law enforcement. The investigation includes information from a complaint filed by a whistleblower with the U.S. Securities and Exchange Commission. [98] Internal WhatsApp company documents revealed Facebook's considerable efforts to brand WhatsApp as "a paragon of privacy".

WhatsApp employs around 1000 contractors in their 20s and 30s, via Accenture, at offices in Austin, Texas, Dublin and Singapore. Their job is to review content reported by WhatsApp users, and pay starts at $16.50/hour. When a user flags a message they've received, it and the previous four messages are decrypted and sent to this content review team. A reviewer has less than a minute to decide whether to do nothing, place the user on a watch list, or ban them. Due to pranks, ambiguous content, language nuances and translation errors, the process is prone to misunderstandings.

WhatsApp also uses artificial intelligence systems to scan unencrypted data collected from users (profile image and status; phone number, IMEI and OS; names and images of the user's WhatsApp groups; a list of the user's electronic devices; any Facebook or Instagram accounts) and compares it against suspicious patterns or terms and images previously deemed abusive.

WhatsApp shares message metadata with law enforcement agencies such as the Department of Justice. If legally required, or at its own discretion (such as for investigating Facebook leaks), it can provide critical location or account information, or real-time data on the recipients messaged by a target subject. WhatsApp message metadata has been used to help jail people such as whistleblower Natalie Edwards. In 2020, WhatsApp reported 400,000 instances of possible child-exploitation imagery to the National Center for Missing & Exploited Children.

References

  1. Parmy Olsen (February 2, 2014). "Exclusive: The Rags-To-Riches Tale Of How Jan Koum Built WhatsApp Into Facebook's New $19 Billion Baby". Forbes. Retrieved January 14, 2015.
  2. "WhatsApp 2.0 is submitted - WhatsApp Blog". Retrieved June 5, 2016.
  3. "Three-quarters of WhatsApp users are on Android, 22% on iOS (study)". Venturebeat.com. Retrieved June 5, 2016.
  4. "5 years of WeChat". Retrieved June 5, 2016.
  5. "Snapchat". Retrieved June 5, 2016.
  6. Schellevis, Joost (January 12, 2012). "What's app status: van Anderen os nog steeds te wijzigen" (in Dutch). Tweakers. Retrieved January 12, 2012.
  7. rvdm (January 12, 2012). "How What's app net works". Wire trip. Retrieved April 7, 2013.
  8. "Are my messages secure?". WhatsApp (FAQ). Zendesk. August 15, 2012. Retrieved January 29, 2013.
  9. "PrivCo". Privco.com. Retrieved May 30, 2016.
  10. "The Granddaddy Of Messaging Apps, WhatsApp, Finally Goes For A Subscription Model on iOS". Techcrunch.com. Retrieved June 8, 2016.
  11. "WhatsApp, the Internet Messenger, to Become Free". The New York Times. Retrieved August 28, 2016.
  12. "Russia's Zuckerberg launches Telegram, a new instant messenger service". Reuters.com. Retrieved June 5, 2016.
  13. "Voice Messaging Comes To Whatsapp". Techcrunch.com. Retrieved June 6, 2016.
  14. "WhatsApp Was Valued At ~$1.5B In Final Round Before Sale". Techcrunch. Retrieved February 22, 2014.
  15. "Facebook to Buy WhatsApp for $19 Billion". The Wall Street Journal. Retrieved August 28, 2016.
  16. "Hole In WhatsApp For Android Lets Hackers Steal Your Conversations". Techcrunch.com. Retrieved June 6, 2016.
  17. "Whatsapp now lets you disable Read notifications". November 15, 2014.
  18. "WhatsApp Web". January 21, 2015.
  19. "(Updated) WhatsApp begins crackdown on unlicensed 3rd party clients". Androidauthority.com. Retrieved June 6, 2016.
  20. "WhatsApp Says It's Not "Permanently" Banning Users From Its Service, Just Blocking Third-Party Clients". Techcrunch.com. Retrieved June 6, 2016.
  21. "Brazil Restores WhatsApp Service After Brief Blockade Over Wiretap Request". The New York Times. December 17, 2015. Retrieved August 28, 2016.
  22. "WhatsApp Is Briefly Shut Down in Brazil for a Third Time". The New York Times. July 19, 2016. Retrieved August 28, 2016.
  23. Ina Fried (January 18, 2016). "Facebook's Whatsapp is Now Free". Re Code. Vox Media, Inc. Retrieved January 18, 2016.
  24. "Whatsapp to Drop Subscription Fee". Wall Street Journal. Dow Jones & Company, Inc. January 18, 2016. Retrieved January 18, 2016.
  25. "No Subscription Charges For WhatsApp: Does Facebook Have A Monetization Strategy In Place?". Forbes. Retrieved May 30, 2016.
  26. "Brazil Arrests Facebook Executive in WhatsApp Data Access Case". The New York Times. March 1, 2016. Retrieved August 28, 2016.
  27. "Senior Facebook executive arrested in Brazil after police denied access to data". The Washington Post. March 2, 2016. Retrieved March 21, 2021.
  28. "WhatsApp adds support for document sharing, but only PDFs at launch". TechCrunch. March 2, 2016. Retrieved March 2, 2016.
  29. Metz, Cade (April 5, 2016). "Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People". Wired. Condé Nast. Retrieved April 5, 2016.
  30. Lomas, Natasha (April 5, 2016). "WhatsApp completes end-to-end encryption rollout". TechCrunch. AOL Inc. Retrieved April 5, 2016.
  31. "WhatsApp Introduces End-to-End Encryption". The New York Times. April 5, 2016. Retrieved August 28, 2016.
  32. "Introducing WhatsApp's desktop app", WhatsApp Blog, 10 May 2016, retrieved 11 May 2016
  33. Ong, Thuy (January 19, 2018). "WhatsApp launches a separate app for small businesses". The Verge. Archived from the original on January 19, 2018. Retrieved May 26, 2021.
  34. Nieva, Richard (September 26, 2018). "WhatsApp co-founder: 'I sold my users' privacy' with Facebook acquisition". CNET. Retrieved May 26, 2021.
  35. Chowdhry, Amit. "WhatsApp's Group Audio And Video Calling Features Arrive On iPhone And Android". Forbes. Archived from the original on September 20, 2018. Retrieved May 26, 2021.
  36. de Vries, Wilbert (May 21, 2011). "Fout in verificatiecheck Whatsapp maakt meelezen berichten mogelijk" (in Dutch). Tweakers. Retrieved August 24, 2016.
  37. Mutsaerts (May 20, 2011). "WhatsApp. Nu NOG lekker!" (in Dutch). Geenstijl. Retrieved August 24, 2016.
  38. McCarty, Brad (May 23, 2011). "Signup goof leaves WhatsApp users open to account hijacking". The Next Web. Retrieved January 29, 2013.
  39. Brookehoven, Corey (May 19, 2011). "Whatsapp leaks usernames, telephone numbers and messages". Your daily Mac. Archived from the original on May 23, 2011. Retrieved July 18, 2011.
  40. "Whatsapp ya cifra los mensajes" [What’s app already encrypts messages]. Mi equipo está loco (in Spanish). ES: IT Pro. May 11, 2012. Retrieved May 31, 2012.
  41. BB, David (May 8, 2012). "Twitter" (status). Retrieved May 31, 2012.
  42. Sp0rk bomb (May 10, 2012). "Twitter". Retrieved May 31, 2012.
  43. "WhatsApp is broken, really broken". File perms. September 12, 2012. Archived from the original on January 8, 2015. Retrieved July 2, 2015.
  44. djwm (May 13, 2012). "Sniffer tool displays other people's WhatsApp messages". H (online ed.). Heinz Heise. Retrieved January 29, 2013.
  45. "Are my messages secure?". WhatsApp (FAQ). Zendesk. August 15, 2012. Retrieved January 29, 2013.
  46. Schellevis, Joost (January 12, 2012). "WhatsApp status van anderen is nog steeds te wijzigen" (in Dutch). Tweakers. Retrieved January 12, 2012.
  47. rvdm (January 12, 2012). "How What's app net works". Wire trip. Archived from the original on November 5, 2013. Retrieved April 7, 2013.
  48. fab (September 14, 2012). "WhatsApp accounts almost completely unprotected". The H (online ed.). Heinz Heise. Retrieved January 26, 2013.
  49. crve (September 25, 2012). "WhatsApp threatens legal action against API developers". The H (online ed.). Heinz Heise. Retrieved January 26, 2013.
  50. wnstnsmth (September 30, 2012). "WhatsAPI sources back online". The H (online ed.). Heinz Heise. Retrieved January 26, 2013.
  51. "CITC warns Skype, Viber, WhatsApp". Saudi Gazette. Jeddah. March 31, 2013.
  52. ULD empfiehlt nach dem WhatsApp-Facebook-Deal: "Wechseln" (German)
  53. Wisniewski, Chester (January 29, 2013). "WhatsApp's privacy investigated by joint Canadian-Dutch probe". Naked security. Sophos. Retrieved January 29, 2013.
  54. "Investigation into the personal information handling practices of WhatsApp Inc". Findings under the Personal Information Protection and Electronic Documents Act (PIPEDA). Report of Findings. Privacy Commissioner of Canada. January 15, 2013. 2013-001. Retrieved January 29, 2013.
  55. gh, h (January 28, 2013). "WhatsApp could face prosecution on poor privacy". IDG. CXO Media. Archived from the original on November 5, 2013. Retrieved January 29, 2013. Dutch and Canadian privacy commissioners conducted a yearlong investigation into the popular mobile app
  56. "Dutch DPA: WhatsApp non-users better protected". November 3, 2015. Archived from the original on July 17, 2018. Retrieved October 6, 2017.
  57. "Crash Your Friends' WhatsApp Remotely with Just a Message". TheHackerNews. December 1, 2014. Retrieved December 1, 2014.
  58. "Multiple Vulneribilities found in Whatsapp Web". Hackatrick. January 29, 2015. Retrieved January 29, 2015.
  59. "17-Year-Old Found Bugs in WhatsApp Web and Mobile App". TheHackerNews. January 29, 2015. Retrieved January 29, 2015.
  60. "WhatsApp adds support for document sharing, but only PDFs at launch". TechCrunch. March 2, 2016. Retrieved March 2, 2016.
  61. "Your mobile could be at risk if you don't deactivate the new function on WhatsApp". Softonic. March 7, 2016. Retrieved March 7, 2016.
  62. Koum, Jan (August 25, 2016). "Looking ahead for WhatsApp". WhatsApp. Retrieved August 25, 2016.
  63. Vincent, James (August 25, 2016). "WhatsApp to start sharing user data with Facebook". The Verge. Retrieved August 25, 2016.
  64. Lomas, Natasha (26 August 2016). "How to opt out of sharing your WhatsApp info with Facebook". TechCrunch. AOL Inc. Retrieved 4 September 2016.
  65. Falque-Pierrotin, Isabelle (27 October 2016). "Article 29 Data Protection Working Party" (PDF). Letter to Jan Koum.
  66. "Whatsapp adds end-to-end encryption". BBC News. April 6, 2016. Retrieved April 6, 2016.
  67. "Secure Messaging Scorecard. Which apps and tools actually keep your messages safe?". Electronic Frontier Foundation. Archived from the original on 14 April 2016. Retrieved 13 March 2023.
  68. Rösler, Paul; Mainka, Christian; Schwenk, Jörg (2017). "More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema". Cryptology ePrint Archive.
  69. "Open source sets sights on killing WhatsApp and Slack". The Register.
  70. Manisha, Ganguly (13 January 2017). "WhatsApp vulnerability allows snooping on encrypted messages". The Guardian. Retrieved 21 February 2017.
  71. Dan, Goodin (13 January 2017). "Reported "backdoor" in WhatsApp is in fact a feature, defenders say". Ars Technica. Retrieved 21 February 2017. WhatsApp does not give governments a "backdoor" into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report.
  72. "There is no WhatsApp 'backdoor'". OWS Blog. January 13, 2017. Retrieved January 15, 2017.
  73. Tufekci, Zeynep; Green, Matthew; Schneier, Bruce; et al. (January 20, 2017). "In Response to Guardian's Irresponsible Reporting on WhatsApp: A Plea for Responsible and Contextualized Reporting on User Security". Technosociology. Retrieved June 17, 2018.
  74. "WhatsApp vulnerability explained: by the man who discovered it". The Guardian. 16 January 2017. Retrieved 17 June 2018.
  75. Chadwick, Paul (28 June 2017). "Flawed reporting about WhatsApp". The Guardian. Retrieved 6 October 2017.
  76. "Update WhatsApp now: Bug lets snoopers put spyware on your phone with just a call". ZDNet.
  77. "Zonel Sougaijam from Manipur rewarded with $5000 for discovering WhatsApp Bug". 12 June 2019.
  78. "WhatsApp to sue users who send way too many messages". The Financial Express. 2019-06-13. Retrieved 2019-06-13.
  79. Doffman, Zak. "WhatsApp Warning For Millions Of iPhone Users As 'Delete For Everyone' Fails To Work". Forbes. Archived from the original on September 24, 2019. Retrieved September 24, 2019.
  80. "How To Enable New WhatsApp Feature That Lets You Decide Who Can Add You To Groups". HuffPost India. November 6, 2019. Archived from the original on December 1, 2019. Retrieved November 21, 2019.
  81. Doffman, Zak. "New WhatsApp Warning: Security Flaw Confirmed—1 Billion Users Told Update Apps Now". Forbes. Retrieved 2020-12-21.
  82. Valinsky, Jordan (2019-10-07). "WhatsApp had a bug that let hackers take over phones with a GIF". CNN Digital. Retrieved 2020-12-21.
  83. Osborne, Charlie. "WhatsApp vulnerability exploited through malicious GIFs to hijack chat sessions". ZDNet. Retrieved 2020-12-21.
  84. Doffman, Zak. "WhatsApp Update Warning As New 'App Killing' Message Confirmed: Here's What You Need To Know". Forbes. Archived from the original on May 3, 2020. Retrieved April 28, 2020.
  85. "BreakingApp – WhatsApp Crash & Data Loss Bug". Check Point Research. December 17, 2019. Archived from the original on December 21, 2019. Retrieved December 21, 2019.
  86. Kraus, Rachel (17 December 2019). "Crisis averted: WhatsApp fixed a lethal security flaw". Mashable. Archived from the original on December 21, 2019. Retrieved December 21, 2019.
  87. "NSO Group points finger at state clients in WhatsApp spying case". The Guardian. 7 April 2020. Archived from the original on April 7, 2020. Retrieved April 7, 2020.
  88. "Prosecutors say Google accessed private WhatsApp messages — but the evidence is thin". The Verge. 17 December 2020. Retrieved December 19, 2020.
  89. Krishna Mohan, Vaishnavi (2021-01-28). "WhatsApp's New Privacy Policy: Collecting Metadata and Its Implications". Global Views 360. Archived from the original on 2021-01-28. Retrieved 2021-01-28.
  90. "Privacy Policy - EEA - Revisions - Feb 2021". WhatsApp.com. Retrieved 2021-01-18.
  91. "Privacy Policy". WhatsApp.com. Retrieved 2021-06-01.
  92. Goodin, Dan (2021-01-06). "WhatsApp gives users an ultimatum: Share data with Facebook or stop using the app". Ars Technica. Retrieved 2021-01-07.
  93. Kharpal, Arjun (2021-01-18). "WhatsApp delays privacy update over user 'confusion' and backlash about Facebook data sharing". CNBC. Retrieved 2021-01-18.
  94. "Giving More Time For Our Recent Update". WhatsApp.com. Retrieved 2021-01-18.
  95. "To accept or to not accept: Whatsapp's new privacy policy stirs dilemma among users". 26 February 2021. Archived from the original on 27 February 2021. Retrieved 21 March 2021.
  96. "About the effective date". whatsapp.com. Retrieved 2021-11-17.
  97. Elkind, Peter; Gillum, Jack; Silverman, Craig (8 September 2021). "How Facebook Undermines Privacy Protections for Its 2 Billion WhatsApp Users". ProPublica.

2020