WhatsApp cofounder Brian Acton expressed outrage at Facebook’s privacy policies last month by tweeting “It is time. #deletefacebook.” But WhatsApp’s Facebook-like group chat features also have design flaws that jeopardize user privacy. Maybe it’s also time to #DeleteWhatsApp.
WhatsApp differentiates itself from parent company Facebook by touting its end-to-end encryption. “Some of your most personal moments are shared with WhatsApp,” the company writes on its website, so “your messages, photos, videos, voice messages, documents, and calls are secured from falling into the wrong hands.”
But WhatsApp members may not be aware that when using the app’s Group Chat feature, their data can be harvested by anyone in the group. What is worse, their mobile numbers can be used to identify and target them.
WhatsApp groups are designed to enable up to 256 people to join a shared chat without having to go through a central administrator. Group originators can add contacts from their phones or create links enabling anyone to opt in. These groups, which can be found through web searches, discuss topics as diverse as agriculture, politics, pornography, sports, and technology. Not all groups have links, but in those that do, anyone who finds the link can join the group. While all new joining members are announced to the group, they are not required to provide a name or otherwise identify themselves. This design could leave inattentive members open to targeting, as a new report from European researchers shows.
The researchers demonstrated that a tech-savvy person can easily obtain treasure…