New Whatsapp Security flaw allows nefarious apps to access Chat Conversations

A new privacy issue has been detected in the popular social messaging platform Whatsapp. According to a technical consultant from Netherlands, the recent Whatsapp update could have opened up a new flaw in the messaging app, which may put the privacy of the users at risk.

The issue, as found by Bas Bosschert, who has experience of over 10 years with Linux and Unix, allows nefarious apps to access the chat history from the messaging app. Whatsapp allows its users to create a backup of their chat conversations, which is just a precautionary measure if the user loses his phone or reinstalls the app. The backup is usually saved in the SD card of the smartphone, which is the real problem in this case.

Nefarious apps can access these chat conversations and upload it to their server without the knowledge of the user. For this, these apps just require permission to use the memory card on the phone, which is actually quite common with many apps. So, if it somehow manages to get this permission on the phone, then the user’s privacy will be at risk. He also adds that if an Android gaming app comes with a special code, then it can access the Whatsapp’s user database.

“During the upload of the WhatsApp database files we will display a simple Loading screen, so people think the application is doing something interesting in the background.” said Bos in the blog post where he explained how he detected the issue.

While Whatsapp messages are now encrypted, decrypting them is actually not a big deal. Bos managed to decrypt it using a simple python script which clearly shows any app developer can take advantage of this flaw. Once decrypted, the database can be converted into excel for easy access.

After Facebook acquired Whatsapp a month back, many were worried about the privacy policy of the messaging app. Given that Facebook has a history of privacy problems, this news could further weaken the trust of the users. However, one should note that the issue probably existed even before the acquisition, so Facebook may not be the culprit here.

For now, users will have to be careful about what permissions they grant to the apps. That’s the only way they can avoid such issues. But hopefully, before anyone starts taking advantage of this flaw, Whatsapp will release a security patch to fix it soon.

For comments and suggestions, leave a message in the comments section below. Like and Follow our Facebook page for more stories and to stay up-to-date with the latest happenings.

About the author

Joel is an experienced blogger who covers all kinds of news relating to tech. He is a huge fan of Android and can be seen playing around with his phone in his spare time.