If you’re chatting in WhatsApp, you may not want to say anything too private. Double Think chief technology officer Bas Bosschert has discovered a glaring security flaw sure to put frowns on plenty of people’s faces.
Here’s what’s wrong: When you back up your WhatsApp data, possibly because you want to install the app on another device, the backup goes to the WhatsApp database, which is saved on your phone’s SD card. Rather than generate a unique key for each user, WhatsApp uses the same encryption key for everyone. This spells bad news for users since, in theory, a developer can make an app that can decrypt and gain access to that data. So long as you grant the app the permissions it asks for, your messages will be exposed in all their glory and possibly uploaded to third parties.
Bosschert tested the theory by developing a companion app, and used a loading screen while the app acquired the database files and uploaded them. Unfortunately, the app succeeded in doing so, with Bosschert reporting that, even with yesterday’s WhatsApp for Android update, the security flaw still exists.
For reference, the iOS version of the app does the same thing, but Apple prevents access to the sandbox WhatsApp creates when storing data.
We have no idea when or if a fix is coming. Until then, chat casual.