WhatsApp poses threat to the privacy of Users

 

WhatsApp hosted in United States, launched in 2009 and currently one of the most popular paid app in iTunes stores, which allows users to send each other text, images, video and audio messages and works across Android, iPhone, Blackberry,Windows phone and Symbian platform has been rebuked by office of privacy commissioner of Canada and Dutch data protection authority in a joint report released on Monday for violation of privacy laws.

 

WHATS APP

 

When you install the app , you are asked permission to share your contacts so that the software can identify which of your friends are also using the service. Only the iPhone users using iOs 6 or above are given option of manually adding contacts rather than allowing contact list to be scanned. WhatsApp copies your address book to its servers to find matches with other WhatsApp users so you can message one another. Although its not illegal to copy your address book , problem arises when it did not delete the information after running friend-identification check. The contact information of non users was not deleted. Instead the investigating agencies revealed that the data was kept in a hashed form or in other words it was transformed into a short code and stored on its servers. the agencies did not mention whether a strong hashing algorithm was being used or a relatively weaker one.

This falls short of Canadian and Dutch privacy law which states that personal data may only be retained for as is required to fulfillment of a certain service.Both users and non-users should have control over their personal data and users must be able to freely decide what contact details they wish to share with WhatsApp

WhatsApp asks for your phone number because that is how it routes chat messages to your contact similar to how regular SMS  system would.

Privacy policy of WhatsApp, last modified on July 7th, 2012 , on the contrary mentions -  “WhatsApp does not collect names, emails, addresses or other contact information from its users’ mobile address book or contact lists other than mobile phone numbers—the WhatsApp mobile application will associate whatever name the WhatsApp user has assigned to the mobile telephone number in his/her mobile address book or contact list — and this occurs dynamically on the mobile device itself and not on WhatsApp’s servers and is not transmitted to WhatsApp.”  (http://www.whatsapp.com/legal/#Privacy)

 

The investigating agencies have been probing WhatsApp for almost a year now and praised WhatsApp for securing the portions of its app throughout the probe which includes

 

  • Messages between users were unencrypted at the start of the investigation, leaving them prone to eavesdropping or interception, especially when sent through unprotected Wi-Fi networks. In response to the investigation, WhatsApp introduced encryption in September 2012.
  • WhatsApp generated passwords for message exchanges using information about the mobile devices involved that can be relatively easily exposed, creating the risk that a third-party could send and receive messages on a user’s behalf without them knowing. Password security was upgraded in the newest version of the app.

 

The Dutch authority will examine WhatsApp in a second phase  in which further enforcement actions may be enacted including sanctions. While the Canadian authority does not have order making power it will keep a close eye on the company.

You can upgrade to the latest version of WhatsApp to get latest security updates.

Holding on to data from user address book is what got Path into trouble in early 2012.unlike WhatsApp , the social network did not disclose that it was copying address book and keeping it on its servers. path apologized for its actions. However, WhatsApp mentions in its privacy policy that it intends to be an advertisement free zone and does not share that your information with third party advertisers, yet storing non-user contact information can not be explained by any viable reason and is a breach of trust.