WhatsApp recently released an update that tried to improve its privacy features, but it seems that a nastier security issue lies deeper within. According to technical consultant, third-party app developers, especially less scrupulous ones, can easily get access to a user’s entire WhatsApp message database.
According to Bas Bosschert, who revealed this security loophole, this is because of how WhatsApp stores the chat history on an Android device. Basically, WhatsApp backs up the chat history and stores it on the Android device’s SD card. All that a malicious individual needs is for a user to give his or her not so suspicious app permission to read the data storage and, without the user knowing it, upload said database somewhere else. Given user habits when installing apps, even those on Google Play Store, that scenario isn’t hard to imagine.
WhatsApp is facing both fame and infamy after Facebook announced its bid to purchase the messaging service. Given Facebook’s reputation when it comes to privacy and security, a good number of people have been worried about the acquisition. Granted, this latest revelation seems to be based on an already existing implementation, so Facebook can hardly be blamed.
That said, one has to wonder why WhatsApp chose to implement its chat history storage this way. One might also wonder if Android’s app permissions, though often ignored, don’t provide enough safeguards for these kind of exploits.