WhatsApp, WhatsApp for Android, WhatsApp friends

Users of WhatsApp — particularly those on Android — might have a major security flaw that could threaten user privacy if left unchecked.

As reported on Hacker News (via), this security flaw could make it possible for third parties to gain access to your private WhatsApp messages via downloaded Android applications without your permission.

The culprit? The app’s built-in ability to back up your messages for when you transfer to a new device or restoring from a device reset.

“[uploading and reading WhatsApp messages from another Android app] is not much of a problem.”

“The WhatsApp database is saved on the SD card which can be read by any Android application if the user allows it to access the SD card,” security consultant Bas Bosschert posted on his website. “And since majority of the people allows everything on their Android device, [uploading and reading WhatsApp messages from another Android app] is not much of a problem.”

This is certainly not the first time this year that a security flaw has been found. Popular messaging and sharing app Snapchat was also the victim of a security flaw earlier this year, a flaw that it attempted to fix but to little avail.

WhatsApp was recently acquired by Facebook. While Facebook continues to insist the app will remain independent from the social network’s other offerings, not everyone agrees this will be the case. This acquisition has placed a number of privacy concerns directly in the spotlight.

WhatsApp has not yet commented on this security flaw.

Avatar photo

By Josh Robert Nay

Josh Robert Nay is the founder and Editor-in-Chief of TruTower. He has worked in the telecommunications industry since 2003 and specializes in GSM based technology. He also uses (too many) VoIP apps and is a long-time user of BlackBerry, Android, and Windows Phone. He adores anything having to do with space exploration and writing. In addition to the links below, he can be found on LinkedIn and can also be found on his website at http://www.joshrobertnay.com.