Skip to main content

WhatsApp complains that Android security risks are "overstated"

The Android version of WhatsApp is reportedly vulnerable to hackers who could nab your chat logs, according to a security blogger, but WhatsApp claims the issue has been "overstated."

Earlier this week, DoubleThink chief technology officer Bas Bosschert penned a blog post that said that WhatsApp database allows for the easy installation of malware onto any Android smartphone.

"The WhatsApp database is saved on the SD card, which can be read by any Android application if the user allows it to access the SD card," he wrote. "And since [a] majority of the people allows everything on their Android device, this is not much of a problem."

Bosschert demoed how to steal a user's information; it just takes a basic knowledge of coding, and a distraction, like a loading screen so users "think the application is doing something interesting in the background."

The same bit of trickery can also be used to add code to other applications — Bosschert used the now-defunct Flappy Bird as an example: "Combine it with ... a description [on] how to install applications from unknown sources and you can harvest a lot of databases."

Even newer versions of the app, which include "crypto magic" for extra security aren't immune to attacks, the tech expert said, adding that basically every Android app can read a WhatsApp database and the chats encrypted inside of it.

"Facebook didn't need to buy WhatsApp to read your chats," Bosschert said.

WhatsApp, however, said in an emailed statement that the accusations are "overstated."

"We are aware of the reports regarding a 'security flaw.' Unfortunately, these reports have not painted an accurate picture and are overstated," a spokesman said. "Under normal circumstances the data on a microSD card is not exposed. However, if a device owner downloads malware or a virus, their phone will be at risk. As always, we recommend WhatsApp users apply all software updates to ensure they have the latest security fixes and we strongly encourage users to only download trusted software from reputable companies. The current version of WhatsApp in Google Play was updated to further protect our users against malicious apps."

Less than a month ago, Facebook acquired the popular messaging app in a $16 billion (£11.3 billion) deal. The new partnership certainly has its detractors. Early this month, two consumer groups filed a complaint with the Federal Trade Commission asking the agency to investigate the pending acquisition, suggesting that Facebook will use WhatsApp user data to its advantage.