The undisputed leader in the western world for instant messaging, with over 900 million active users, WhatsApp is synonymous with smartphones and messaging. Despite this, there are constantly new controversies relating to the security of the application and this has led to many doubting the integrity of the service.
From fraud to malicious programs that take advantage of its popularity, to apps that spy on users and other vulnerabilities, there is seemingly no end to the problems which have been raised in a study carried out by investigators at the Cyber Forensic Research & Education Group at the University of New Haven in the United States.
Thanks to developing their own forensic tool, the investigators have managed to decode part of the communication that is established between the servers of WhatsApp and those of the user when there is communication of any sort carried out via the app.
They have discovered that, amongst other things, the popular instant messaging service collects and stores sensitive information about the user and the conversations that they have. None of this appears to be essential to the functioning of the messaging service, so you have to ask why the company does it, and why they haven’t publicly stated this before.
The company keeps a record of all calls that we make, who receives them, and their duration. What’s more, the people behind the study believe that encryption keys could also be somehow sent during these communications. Although they haven’t proven it yet, it could be just the tip of the iceberg for new security flaws in the chat service.
The group of experts from the University of New Haven have urged other investigators to use the tool that they have developed in the hope that more security breaches will be unearthed, as there are also fears over similar practices with other messaging services such as Facebook Messenger and Telegram.
Recently we have seen that WhatsApp has taken measures to try and improve the level of security that it offers to its users in order to guarantee their privacy. These steps include the introduction of the famous and controversial double check, specific updates, and a stronger encryption system.
However, to keep the system user-friendly, some recommended security measures aren’t compatible as it would compromise the user experience too much. This difficult balance is what WhatsApp finds itself fighting against as it fights to stake its claim as the largest, and most secure, instant messaging service on the market.