WhatsApp has been touted as the most secure messenger app since BlackBerry’s original messenger service (BBM). But recent security flaw exposure has caused a lot of people to think twice about the security of WhatsApp.
Trusting Free Messenger Apps
Facebook (parent company of WhatsApp) has repeatedly told the public that WhatsApp conversations are entirely secure. Nobody, not even the company that might own your phone, is supposed to be able to hack into your WhatsApp conversations or archives. But how true is that claim?
Recently, The Guardian newspaper exposed a backdoor security flaw that suggests Facebook might be able to tap into and read messages. WhatsApp’s response is that these small flaws are the price you pay for creating free software that is accessible to billions of people. Just how big or bad is this security flaw?
It’s the Small Details
The newly exposed security flaw suggests that WhatsApp can force a device to generate an encryption key when a user is offline. If someone sends a message to that device while it is offline, a sender can then re-encrypt messages and resend them.
This means that someone can easily read messages if they know how. Further, it means that WhatsApp has access to messages and can also give this information to anyone that asks for it (governments, companies, etc). How many people use WhatsApp to send secure information that other people might want to read?
Not Your Average Joe
Typically, the messages that the average person sends aren’t the messages governments would be interested in reading - companies, maybe, but not governments (well, most governments, that is). But WhatsApp does have some users that might have a few secrets - diplomats, for example.
Terrorists and other extremists tend to not use any third party free messenger system. These people don’t usually trust these systems, so they’re probably not going to send messages through WhatsApp that people would want to read. Still, the fact that there is a security flaw has caused a lot of rifts isn’t great news for a messenger app that claims to be entirely secure.
WhatsApp’s Unapologetic Answer
You might think that a company like WhatsApp would apologize for a security flaw considering the recent details that have been exposed, but that’s not the case. Instead, WhatsApp is unapologetic - the company has stated that the security flaw is not really a flaw at all. It’s what happens when a company like WhatsApp tries to make sure that no user misses a message.
When users have a new phone, swap SIM cards, or refresh a phone for any other reason, WhatsApp creates a new set of security keys. Why? Simply to make sure that conversations remain secure. This ensures that any messages sent to your phone while you are offline are waiting for you when you do restart your new phone or swap a SIM.
Essentially, WhatsApp is trying to prevent any security issues while keeping users happy. In doing so, the company has also created a security flaw.