How secure is WhatsApp?

Recently I read an article about WhatsApp and its end-to-end encryption method. What I understood was that only the sender and receiver can read the contents of the message.
But I also read that WhatsApp is a no-go for privacy enthusiasts, as it stores the metadata of the users.
Also, it shares the phone numbers of the users with Facebook, which has a history of invading people’s privacy.
So my question is: when I grant permission for my gallery, microphone, camera etc., can WhatsApp access them without my consent? And if not, then what do they do with the media data?

Hi Vivek,

Thanks for asking this. It’s a much more common question than you may realise!

Our friends at the Electronic Frontier Foundation have some excellent material helping explain this; they updated the excellent surveillance self-defence guide they maintain to explain some of the biggest security concerns with WhatsApp.

Where WhatsApp Went Wrong: EFF's Four Biggest Security Concerns | Electronic Frontier Foundation

That includes explaining what WhatsApp (and Facebook) stores, and the differences between WhatsApp’s usage of the Open Whisper Systems Signal encryption protocol and how Signal itself uses it (TL;DR: Signal is much more trusted and keeps far less data about who you message and about what, and is more trusted in the security community).

You may also want to see what IFF has said on this as part of its ongoing legal intervention in the Indian Supreme Court’s constitutional hearings on WhatsApp being bought by Facebook and transferring data to the latter.

Hope this helps! Happy to chat more.

Raman.

7 Likes

And here’s a more recent update from the IFF team on that case:

4 Likes

Hi Raman.
Thanks for the info and the elaborate link. That was more than helpful. Hope WhatsApp clarifies and gives out its detailed privacy policy.

1 Like

India being the largest market for Facebook, this question is of utmost significance since 98% of mobile users use the Facebook family of products.

WhatsApp was founded in 2009 by Brian Acton and Jan Koum, former employees of Yahoo, and was acquired by Facebook in February 2014 for approximately US$19.3 billion. It became the world’s most popular messaging application by 2015. In the meantime, in 2016 WhatsApp completely adopted E2EE using Signal’s open source protocol; the whole operation started back in 2014, a year before it became the most popular IM app. So Facebook bought WhatsApp in between this transition to E2EE. Why? Red Flag - 1

Now technical stuff in easy terms: WhatsApp uses the Signal E2EE protocol but it has many loopholes, because the implementation is opaque, for the matter of fact that the client side is closed source. So you cannot say for certain how the implementation is done. Also the chat backup is unencrypted. Red Flag - 2.

Always listen to the opposition for constructive criticism.
Read - https://telegra.ph/why-whatsapp-will-never-be-secure-05-15

A German security team investigated WhatsApp’s end-to-end encryption way back in 2015 in its early phase. The results show that WhatsApp might use Signal's (back then TextSecure’s) exemplary encryption designed by Moxie, but implements it in such a fashion that it is of little use in the real world.

Plus it has access to the contact list. This discussion can be longer but I wanna end it here for now. So in my opinion WhatsApp is a strict no-no as an IM choice. Try Signal or Threema for a mature, stable user experience.

Read - https://www.huffpost.com/entry/six-reasons-you-should-stop-using-whatsapp_b_57f6ca32e4b0d786aa52ad91