Facebook’s messaging app WhatsApp has more than two billion users across the globe. With so many people using this app daily to send private messages, we should all ask ourselves: “Is WhatsApp safe to use?”
In this guide, we dive into the popular messaging app to gauge how trustworthy it is for individuals who care about privacy and security.
Is WhatsApp Safe?
According to Facebook, WhatsApp’s end-to-end encryption ensures that only you and the recipient can read a message. Facebook states that it does not have access to the messages you send and receive.
When you first open WhatsApp on your phone, two keys are generated: a public and private key. The user keeps the private key while WhatsApp sends the public key to the receiver via a centralized server. When someone sends the user a message, the public key encrypts it and the user decrypts the message using the private key.
Simply put, every message you send and every call you make on WhatsApp is encrypted and inaccessible to third-parties. To confirm that this encryption exists, tap the profile of any contact and go to encryption. If you can, scan the code on your contact’s phone. On the other hand, you can manually compare your 60 digits to those of your contact to see if they match.
How Secure Is It Really?
While WhatsApp’s end-to-end encryption sounds good, it doesn’t guarantee 100 percent security.
Grab the Digital Privacy Toolkit
Get your FREE copy of the Digital Privacy Toolkit and discover the latest apps you can use to protect yourself against the expanding surveillance apparatus.
Most people use WhatsApp to share sensitive and private information because they believe that the encryption keeps this data safe. However, this is not the case.
According to a report by Bloomberg, a hacker can access the information you share via WhatsApp without having to decrypt the message. By gaining entry to your phone’s operating system, he or she can read every message you send or receive on WhatsApp.
“End-to-end encryption is a marketing device used by companies such as Facebook to lull consumers wary about cyber-surveillance into a false sense of security. Encryption is, of course, necessary, but it’s not a fail-safe way to secure communication,” wrote Leonid Bershidsky.
Moreover, if law enforcement believes that you are using WhatsApp to conduct illegal activities, it can access your information in several ways.
- Firstly, they can read your messages if they have physical access to your phone.
- Secondly, they can submit a court order or a search warrant to WhatsApp requesting the disclosure of your information.
- Thirdly, should governments succeed in forcing tech companies to create backdoors to their encrypted apps, all your data and messages will be available to government agencies.
Threats to WhatsApp Users
In 2019, Pegasus spyware spied into the phones of 1,400 people by exploiting the WhatsApp video and audio calling features. The spyware infected target phones whether the phone owners received the calls or not. This makes spyware a huge threat to WhatsApp users because they can infect mobile phones without users taking any action.
The Pegasus cyberattack abused WhatsApp vulnerabilities, a sign to users that the app is not as secure as they think.
Furthermore, a flaw was discovered that makes links to WhatsApp group conversations available on search engines. Links to group chats were previously available on Google but Facebook made a change preventing this search engine from indexing such conversations. However, links to group chats are still available on other search engines.
WhatsApp reported twelve vulnerabilities in 2019, a rise from one or two medium-category vulnerabilities reported in the past few years. Of the twelve vulnerabilities, seven were critical.
Can You Trust Facebook?
Facebook does not have the best track record of protecting the data privacy of its users. In 2018, it emerged that Cambridge Analytica had harvested personal identifiable information of 87 million Facebook users. The harvested data is attributed to the success of Donald Trump’s 2016 presidential campaign and the pro-BREXIT campaign.
History has shown that Facebook has handled security and privacy matters horrendously. But does that mean that you should stop using WhatsApp?
Well, that depends on what you are using it for.
If you want to discuss sensitive matters with friends or family or exchange important business information, probably not. If you want to send someone a quick hello or make plans for coffee, you should be okay.
Should you decide to continue to use WhatsApp, here are several measures that you can take to stay safe:
- To secure group chats, admins should reset the invite link to generate a new one. This measure is necessary if you shared the previous link publicly.
- Do not back up your WhatsApp data to the cloud where the government or hackers could access it.
- Enable two-factor authentication to add an extra layer of security. To do this, go to “Settings,” then click on “Account.” Next, tap “Two-step verification” and enable it.
- Turn on security notifications to receive alerts when the security codes of your contacts change. To do this, go to “Settings” then tap “Account.” Select the “Security” option and turn on the button to “Show security notifications.”
- Verify that the messages you are sending are encrypted by scanning the code on your contact’s phone or by checking that the 60 digits match those of your contact.
- Install WhatsApp desktop instead of using WhatsApp web, which hackers could manipulate.
- Review your privacy settings to check who can view your status, profile photo, live location, and about section. Also, you can turn off read receipts and control who can add you to groups. Go to “Settings>Account>Privacy to change these settings.
- Only send non-sensitive media files because once you send them, they are out of your control.
- Avoid clicking suspicious links shared to you on WhatsApp.
The Dark Web Journal does not recommend using WhatsApp for anything other than trivial conversation. If you need to exchange sensitive information, we recommend using the open-source messaging app Signal.