WhatsApp Security: The Ten Biggest Risks | Total Security

Smartphone instant messengers have long outstripped SMS. Above all WhatsApp: Almost 1 billion people worldwide are already using this service, which now belongs to Facebook. WhatsApp but also Facebook itself have repeatedly been criticized by data protection experts because of security gaps, among other things. How safe is WhatsApp today? What dangers lurk when using the messenger service? What does WhatsApp security mean today? How can I best protect my data and my privacy with WhatsApp? Are there alternatives to WhatsApp?

WhatsApp Security and Data Protection - Two Different Universes?

At the start of the messenger, the answer would have been a shockingly clear “Yes!”. All communication and all data were transmitted completely unencrypted. With a so-called network sniffer or a corresponding app, resourceful data sniffers and hackers were able to intercept all data traffic and read all communication. It was like listening to the conversation at the next table unhindered in the café. In 2013, for example, it became known that hackers could access PayPal accounts via WhatsApp and that there were loopholes in the registration process that made it possible to steal WhatsApp identity. A new WhatsApp trick concerns emoji subscription traps: users receive messages that promise to be able to use animated emojis and henceforth have to pay 12 euros per month.

WhatsApp has made improvements in terms of security. WhatsApp has been using so-called end-to-end encryption since the end of 2014 but is still limited to Android. With end-to-end encryption, the data is encrypted across all intermediate stations. The encryption starts with the sender of the message and ends with the final addressee. After all, the source code for the "Open Whisper Systems" technology used here is open.

Nevertheless: Experts still warn against WhatsApp - for example because of the "Facebook-typical" lack of transparency as well as the still existing security gaps and the unconvincing data protection guidelines. The American civil rights organization "Electronic Frontier Foundation" (EFF) has in its study "Secure Messaging Scorecard Messenger" Instant messenger services compared and Whatsapp only gave good marks in two out of seven test areas. Below you can read in the box what you should pay attention to most when using WhatsApp.

The Ten Biggest WhatsApp Risks

1. WhatsApp and Facebook are subject to US laws - access to encrypted data is possible. Of course, it's all a matter of trust: all data is on servers in the USA. According to the law applicable there, the so-called Patriot Act, US authorities can request the company to release the personal data of users without judicial approval. This would mean that previously encrypted messages could be decrypted and the personal user data of the NSA, secret services, etc. would be freely available.

2. Problems with data protection: transmission of personal data. If users do not prevent this by default - this is only possible with some iOS versions and restricts functionality - all personal WhatsApp contact details are sent to the WhatsApp servers in the United States for data comparison. This also includes data from people who may not use WhatsApp at all and would have to be asked for Erelaubnsi under German law. WhatsApp claims to only transmit phone data.

What WhatsApp calls data protection (path: Settings> Account> Data protection) does not comply with German data protection regulations. WhatsApp's guidelines define the visibility of data for other users but do not explain how the collected data is handled. The terms and conditions are only available in English. WhatsApp guarantees rights to its own profile pictures and status messages in the terms and conditions, but not to all of its own chats. It's all a matter of trust ...

3. Read Facebook and floppy hats? Facebook spent $ 19 billion on WhatsApp acquisition in 2014 and was in the crosshairs of the Snowden Prism revelations. In case of doubt, this could mean that secret services, investigative authorities and hackers may already be able to read WhatsApp content. It is up to each user to have confidence that the services will operate independently of one another.

4. Despite encryption, there are still security loopholes. Messenger introduced end-to-end encryption of data transmission. iOS and Windows The phone is still left out. So far, encryption has been limited to personal messages. Group chats or pictures are not yet encryptable. Security gaps remain: The E2E encryption is not carried out permanently. Messages and data are partially transmitted to WhatsApp servers in cleartext. The information includes locations, telephone numbers or contact details, access to the camera and microphone, and much more. By the way: German data protection experts are not 100 percent convinced of the encryption.

5. Browser version with security holes. Since the beginning of 2015 WhatsApp has offered a version for the desktop that is compatible with the Chrome, Firefox, and Opera browsers. All smartphones on which WhatsApp is installed can be used. At the beginning of 2015, a security specialist in the USA discovered that further dangers are lurking here and that there are security gaps: Images were still visible on the desktop that had already been removed from the phone. The changed visibility settings of the users were apparently not reflected on the desktop or only reflected later.

6. Rip off by WhatsApp clones, chain letters, and similar cybercrime. As with other popular apps, free or cheap WhatsApp clones are already being offered online. Many a victim is said to have fallen for the message "Your WhatsApp subscription is expiring - click here now (...)". The result: From now on, fees of 5 euros and more per week are due for such rip-off services. Messages spread like lightning on WhatsApp. This is often used by cybercriminals to distribute links to subscription traps via spam messages or chain letters.

7. Risk of malware attacks. WhatsApp's huge popularity is a hit for malware spreaders. The US security company Check Point recently found out that around 200 million WhatsApp web users around the world were at risk of catching a virus. This malware had spread by sending VCF contact files.

8. Be careful when making calls via WhatsApp. Researchers found that WhatsApp telephony does not track content, but metadata.

9. Risks when changing phone numbers. As Stern researched in 2014, after changing phone numbers the

personal data on WhatsApp may be still linked to the previous owner of the number. Consequence: The new owner of the device, who has taken over the old number that has become free, can read old chats and contacts from the previous phone number owner.

10. Cyberbullying. Risks for WhatsApp security involve not only the use of the app but also the type of use of WhatsApp. Insulting comments or pictures that were not intended for third parties are easily, quickly, and thoughtlessly sent in large groups with the Messenger. Children and young people, in particular, are at great risk of falling into WhatsApp cyberbullying traps and should be protected from them - read more in our Trojan info special “Internet child safety”.

Install Protegent Total Security to protect your data from cyberbullying.