Is WhatsApp Safe? Security Issues You Must Know

This encrypted messaging app might not be all that it's cracked up to be, experts warn

When you install WhatsApp on your smartphone, you’re asked to approve the requested permissions, confirm your phone number and import your existing contacts. Is it safe to give one app so much access to your personal information? You always have to be careful of online scams, even on secure messaging apps.

Below, cybersecurity experts weigh in on the app’s security and privacy features, warning that it could make your phone an easy target for hackers and offering suggestions to boost your security. Experts would never have these apps on their smartphones, either.

What is WhatsApp?

WhatsApp is a free mobile and messaging app owned by Facebook. Instead of using a cellular network, WhatsApp needs only a Wi-Fi connection to send encrypted videos, voice calls and text messages around the world. The app launched in 2009, but it really took off when Facebook bought it in 2014. Today, WhatsApp is the world’s most popular messaging app, with more than 2 billion users worldwide.

How does WhatsApp work?

After downloading WhatsApp and confirming your phone number, you can text and call anyone across the globe for free (minus any data charges). But that’s not the only perk of using WhatsApp. The chat app also offers several important security features, including encryption and privacy settings, that help to protect your info from thieves. Aside from using WhatsApp, you’ll want to steal these secrets from people who never get hacked.

WhatsApp encryption

WhatsApp uses end-to-end encryption to protect all communication on its platform. These encryption keys not only make it impossible to decrypt messages, but they also prevent third parties and even WhatsApp from accessing messages or calls. That means “only you and the person or group you are communicating with can read or see the messages, photos or files you send, or listen to the calls you make,” according to James E. Lee, chief operating officer at Identity Theft Resource Center.

WhatsApp privacy

In addition to its encryption function, WhatsApp allows users to customize their privacy settings, including the visibility of their status and profile to others. But keep in mind that not everything you do on the app is private. WhatsApp “does collect and share information about how you use the service, including sharing information with their parent company, Facebook,” Lee says. You can learn more about what information is collected and how it is used by reading WhatsApp’s privacy policy. FYI: If these apps are still on your phone, someone could be spying on you.

Is WhatsApp safe?

Not entirely. Although end-to-end encryption makes WhatsApp more secure than other communication apps, no app is 100 percent safe to use. Like any app or digital device, WhatsApp is often targeted by bad actors. The app also has access to your contacts and tracks where and how long you use it, putting your privacy and personal information at risk. Here’s why you should be worried about smartphone apps stealing your data.

WhatsApp security issues

In May 2019, hackers learned they could infect phones with spyware by calling victims through WhatsApp. WhatsApp quickly fixed the software bug, but criminals are always searching for new vulnerabilities in apps. What’s more, WhatsApp can gather and store data on “how you interact with others using our services, and the time, frequency and duration of your activities and interactions,” according to its privacy policy—and could even share that info with police. Watch out for these warning signs your phone has been hacked.

How to protect your privacy

Unfortunately, “no app is ever completely safe from attackers,” says Theresa Payton, CEO of Fortalice Solutions and author of Manipulated: Inside the Cyberwar to Hijack Elections and Distort the Truth. To safeguard your phone and personal information, Lee recommends frequently updating your apps and smartphone software, maximizing the app’s privacy settings and never sharing risky content. Read more tips to protect your smartphone from viruses.

silhouette of a person holding a cell phone in front of a WhatsApp Messenger logo displayed on green background.NurPhoto/Getty Images

Are WhatsApp conversations private?

WhatsApp’s end-to-end encryption feature ensures that all your communication on the platform, including messages, files and calls, is private and can only be viewed by you and the recipient. But Payton suggests thinking carefully about how much you trust the person you are communicating with in the first place. “Once you send something digitally, there is nothing preventing the receiver of the message from taking a screenshot or recording what you sent on a separate device,” she says.

How long are WhatsApp conversations stored?

For the privacy and security of users, conversations on WhatsApp are only stored on your device and not on WhatsApp servers. However, messages that cannot be delivered—if, for example, the recipient is offline or not connected to Wi-Fi—are held in WhatsApp’s server and only removed once they are delivered. Delivered messages are stored on your device indefinitely or until you delete them yourself, while undelivered messages are deleted after 30 days. In addition to old messages, you should never store these things on your smartphone.

Can WhatsApp conversations be deleted?

The latest version of WhatsApp allows users to remove messages from their device as well as the recipient’s chat (within an hour of sending the message). To delete a message in WhatsApp, tap and hold the message, tap “Delete” and then choose “Delete for Me” or “Delete for Everyone.” You can also turn on a self-destruction timer feature, which makes your conversations disappear after seven days. Once messages are deleted, you cannot recover them again. But don’t forget that recipients can always take a screenshot or record what you sent on another device before it’s deleted, Payton says. Once your messages are secure, learn how to arm yourself against this year’s top security threats of smartphones.

Common WhatsApp scams

Like on any app, there can be cybercriminals and other bad actors on WhatsApp. There are a few common scams that can be used to try to take over your account or get you to send money to a scammer.

Impersonation scam

In this scam, a cybercriminal will message you on WhatsApp pretending to be a friend or family member. They will say that their phone is broken or there is something wrong with their phone number, so this new WhatsApp profile is the best way to contact them. A key clue is that the profile won’t have a picture or other personal information, because it isn’t really someone you know. The scammer will ask you for money right away, inventing an emergency or other reason why you should send money to their WhatsApp account.

Red flag: Any message out of the blue from a friend or loved one saying they have a new number and need money right away

Verification code scam

In this scam, you’ll receive an unexpected verification code from an unknown number. An unknown sender will apologize for accidentally sending you their WhatsApp verification code, and ask you to tell them what the code is. This is actually a hacker, who is trying to log in to your account with your information and the unique verification code sent to you. If you tell them the verification code you were sent, they will be able to use it to gain access to your account and then change the password to lock you out.

Red flag: Anybody asking for your WhatsApp verification code

Gift card and survey scams

In this scam, you’ll get a message with a link inviting you to take part in a survey or to register for a free gift card. Although the prize may sound tempting, this is just a ploy to get you to click on the link. This may download malware onto your computer, or it may ask you to input personal information, which the hacker can then sell.

Red flag: Any message asking you to enter personal information or click on a sketchy link

How to avoid WhatsApp scams

Like bank scams and Venmo scams, there is good advice that you can follow to avoid falling victim to a WhatsApp scam.

  • Practice good password security by never telling anyone your WhatsApp password for any reason—even if you think the person asking is a friend or loved one.
  • Never share your verification code with anybody.
  • If a friend or loved one reaches out for help, always verify they are who they say they are by asking personal questions hackers wouldn’t know the answer to.
  • Don’t click on any sketchy links.
  • Never fill out any personal information unless the request is coming from an extremely trustworthy source.

Sources:

Close up of young woman having coffee and reading news on mobile phone in the early morning before workd3sign/Getty Images

How to Hide Apps on an iPhone

Brooke Nelson
Brooke is a tech and consumer products writer covering the latest in digital trends, product reviews, security and privacy, and other news and features for RD.com.