The popular free messaging app WhatsApp is used by millions of people every day, and most of us don’t think much about the security behind the service. The Facebook-owned company has recently enabled encrypted communication, but it seems that this wasn’t enough to make the service bulletproof against hackers who want to break in and gain access to your credentials.
Dutch developer Maikel Zweerink has released a software kit that lets anyone see whether WhatsApp users are online, even if their status is set to “private.” He says the following:
WhatsSpy Public is a web-oriented application that tracks every move of whoever you like to follow. This application is set up as a Proof of Concept that WhatsApp is broken in terms of privacy.
According to him, his software can track the following properties of any WhatsApp user: online/offline status, profile pictures, privacy settings and status messages. This is actually pretty serious, since it potentially allows anyone with a phone number not tied to a WhatsApp account to spy on users of the messaging app, even on those protected with strict privacy settings.
As a matter of fact, the developer made the project open source on GitLab, probably in order to force the Facebook-owned WhatsApp to move faster and remedy the problem as soon as possible. Zweerink further explains:
You may disable “last seen”, “profile picture” and “status” but this won’t disable this “online” message from showing up. Obviously a lot of people won’t know this still happens, thus creating pretty broken privacy settings. Due to this feature WhatsSpy Public can track virtually anyone, because anyone can listen for these events.
The developer says he created WhatsSpy Public “for you to realize how broken the privacy options actually are.” This sounds really worrying, especially when you consider the fact that the app is on track to hit 1 billion users in the near future.