WhatsApp’s Android App Has a Security Flaw

Source: Thinkstock

Source: Thinkstock

Facebook’s (NASDAQ:FB) purchase of the app may not be the biggest privacy threat for WhatsApp’s Android (NASDAQ:GOOG) users. Its biggest threat may be a security hole that may allow others with the hacker know-how access to their chats, says a Dutch consultant.

Bas Bosschert, a Dutch security consultant, published a post on his webpage detailing how a user’s WhatsApp database can be obtained fairly easily using a mix of coding and taking advantage of permissions. WhatsApp information is stored on SD cards on Android smartphones, which, Bosschert wrote in the post, can be read by Android applications.

“The WhatsApp database is saved on the SD card which can be read by any Android application if the user allows it to access the SD card,” Bosschert wrote. “And since majority of the people allows everything on their Android device, this is not much of a problem.” Bosschert spent the rest of the post detailing how to hack into the Android version of WhatsApp, using open-source tools and some coding.

WhatsApp prides itself on how the company does not sell user information to make money, a unusual move when many other apps and social media platforms sell user data to make money. When the news broke that Facebook would purchase the app for $16 billion, concerns over how WhatsApp users privacy would be protected arose. Now it seems that for Android users, the permissions needed to run the app may be a more immediate threat than the social media giant acquiring the messaging service.

Media outlets have noted that this is only the latest news that WhatsApp may have a security issue. British newspaper The Guardian’s story about the Android security hole notes that this is the second time in the last six months a security flaw has been discovered: “In October, a security researcher showed that it was possible to decrypt messages as they were sent using no more than data gained through eavesdropping on the WhatsApp connection.”

WhatsApp does note on its website that it may be possible for others to access users’ messages. However it focuses largely on another person handling a WhatsApp user’s phone. WhatsApp has called the claims by Bosschert “overstated” in a comment reported in a PC Magazine blog post. Yet even after the recent update for the Android version, the security hole remains. WhatsApp is also currently on the top charts for free apps in Google Play.

Security and privacy concerns are common on many social media platforms. Facebook, Twitter, and many other social media options have default options that set account information to public unless the user decides to make his or her content private. The lesson here is no app, social media platform, or anywhere online is as private as you think.

More From Wall St. Cheat Sheet: