WhatsApp, the cross-platform mobile messaging company acquired by Facebook in a $19 billion deal last month, attempted to quell fears over a security loophole in its Android application discovered by tech consultant Bas Bosschert, but Bosschert claimed that the loophole still exists despite the update to the Android app released earlier this week.
TechCrunch reported on a blog post by Bosschert in which he illustrated how WhatsApp messages can be accessed via the microSD cards on Android devices if other apps are granted access to the microSD cards, detailing the coding that makes it possible.
WhatsApp responded with a statement to TechCrunch:
We are aware of the reports regarding a “security flaw.” Unfortunately, these reports have not painted an accurate picture and are overstated. Under normal circumstances, the data on a microSD card is not exposed. However, if a device owner downloads malware or a virus, their phone will be at risk. As always, we recommend that WhatsApp users apply all software updates in order to ensure that they have the latest security fixes, and we strongly encourage users to only download trusted software from reputable companies. The current version of WhatsApp in Google Play was updated to further protect our users against malicious apps.
However, Bosschert wrote in the comments section of his blog post, as reported by TechCrunch, that his method still worked, even after the update to WhatsApp’s Android app.
Readers: Will WhatsApp be able to deal with the greater scrutiny that comes with being a part of Facebook?