With more than 465 million monthly active users, WhatsApp is definitely a leader in the mobile messaging app business. However, certain revelations are dragging the industry leader down to the level of competitors like Snapchat: There are terrible security protocols.
These holes are not discoveries made since the Facebook acquisition. Indeed, problems like these have been around since the app was founded. According to Pando Daily contributor Yasha Levine, WhatsApp didn’t encrypt messages or data in any way for the first three years of its operation. Messages were just sent as plain text, a sure fire way to put user data at maximum risk.
When encryption protocols were implemented, they were incredibly weak. Ars Technica contributor Dan Goodin points to the work of several cryptologists that prove WhatsApp’s protocol is shoddy at best. Thijs Alkemade, a computer science and mathematics student from Utrecht University exposed the flaws in the protocols, that would allow easy access to messages and data. It isn’t even that hard, and these flaws are well documented — Microsoft created vulnerable VPN software in 1995 that had the same issues.
Alkemade provoked a dismissive response from WhatsApp about encryption and privacy. But in his response to Ars Technica, WhatsApp CEO Jan Koum may have been a little overly confident. “Basically, this is sensationalized and overblown. Please report responsibly and do research that goes beyond Twitter-sphere. We have a company to run. Back to work.” he said.
Other WhatsApp security problems have drawn attention from privacy investigators in Canada and the Netherlands. They found that it only took a few minutes and a basic computer to crack WhatsApp encryption. WhatsApp requires users to upload contacts to the app in order to find their friends. And despite claims that it is light on data collection, it collects plenty of other user data, including cookies, IP data, browser type and submissions made.
It seems that even with its current status of the golden boy of messaging apps, WhatsApp has similar problems as other apps captivating the public attention. The recent acquisition by Facebook may have spooked some privacy advocates, but the security concerns have been around longer than that.
Image credit: Murasam3