Vulnerability in WhatsApp for Android allows others to read your conversations

If you’re chatting in WhatsApp, you may not want to say anything too private. Double Think chief technology officer Bas Bosschert has discovered a glaring security flaw sure to put frowns on plenty of people’s faces.

Here’s what’s wrong: When you back up your WhatsApp data, possibly because you want to install the app on another device, the backup goes to the WhatsApp database, which is saved on your phone’s SD card. Rather than generate a unique key for each user, WhatsApp uses the same encryption key for everyone. This spells bad news for users since, in theory, a developer can make an app that decrypts and gains access to that data. So long as you grant the app the permissions it asks for, your messages will be exposed in all their glory and possibly uploaded to third parties.

Bosschert tested the theory by developing a companion app, and used a loading screen while the app acquired the database files and uploaded them. Unfortunately, the app succeeded in doing so, with Bosschert reporting that, even with yesterday’s WhatsApp for Android update, the security flaw still exists.

For reference, the iOS version of the app does the same thing, but Apple prevents access to the sandbox WhatsApp creates when storing data.

We have no idea when or if a fix is coming. Until then, chat casual.

Williams Pelegrin
Former Digital Trends Contributor