WhatsApp hosted in United States, launched in 2009 and currently one of the most popular paid app in iTunes stores, which allows users to send each other text, images, video and audio messages and works across Android, iPhone, Blackberry,Windows phone and Symbian platform has been rebuked by office of privacy commissioner of Canada and Dutch data protection authority in a joint report released on Monday for violation of privacy laws.
When you install the app , you are asked permission to share your contacts so that the software can identify which of your friends are also using the service. Only the iPhone users using iOs 6 or above are given option of manually adding contacts rather than allowing contact list to be scanned. WhatsApp copies your address book to its servers to find matches with other WhatsApp users so you can message one another. Although its not illegal to copy your address book , problem arises when it did not delete the information after running friend-identification check. The contact information of non users was not deleted. Instead the investigating agencies revealed that the data was kept in a hashed form or in other words it was transformed into a short code and stored on its servers. the agencies did not mention whether a strong hashing algorithm was being used or a relatively weaker one.
This falls short of Canadian and Dutch privacy law which states that personal data may only be retained for as is required to fulfillment of a certain service.Both users and non-users should have control over their personal data and users must be able to freely decide what contact details they wish to share with WhatsApp
WhatsApp asks for your phone number because that is how it routes chat messages to your contact similar to how regular SMS system would.
The investigating agencies have been probing WhatsApp for almost a year now and praised WhatsApp for securing the portions of its app throughout the probe which includes
- Messages between users were unencrypted at the start of the investigation, leaving them prone to eavesdropping or interception, especially when sent through unprotected Wi-Fi networks. In response to the investigation, WhatsApp introduced encryption in September 2012.
- WhatsApp generated passwords for message exchanges using information about the mobile devices involved that can be relatively easily exposed, creating the risk that a third-party could send and receive messages on a user’s behalf without them knowing. Password security was upgraded in the newest version of the app.
The Dutch authority will examine WhatsApp in a second phase in which further enforcement actions may be enacted including sanctions. While the Canadian authority does not have order making power it will keep a close eye on the company.
You can upgrade to the latest version of WhatsApp to get latest security updates.