We need your help now
Support from readers like you keeps The Journal open.
You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.
If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.
Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
By continuing, you are indicating that you accept our Terms of Service and Privacy Policy.
A SECURITY FLAW in the Android version of WhatsApp, which allows another application to upload a user’s chats without permission, was discovered.
Bas Bosschert, a security consultant from Holland, found a loophole which would allow third-party app developers to gain access to a user’s entire message database.
Since WhatsApp backs up its chat history and stores it on an Android device’s SD card, any app developer which asks for access to a phone’s SD card can then read and upload WhatsApp’s database. According to Bosschert:
The WhatsApp database is saved on the SD card which can be read by any Android application if the user allows it to access the SD card. And since [the] majority of people allow everything on their Android device, this is not much of a problem.
Android only allows developers full access to the SD card storage or none at all. Any application that can read and write to the external storage can also read what other applications are stored there.
While later versions of WhatsApp encrypt the database, they use a key which can be easily extracted from the app using third-party tools like WhatsApp Xtract.
This isn’t the first time WhatsApp has been at the centre of security concerns. Back in October, Thijs Alkemade, a computer science and mathematics student at Utrecht University in the Netherlands, found that WhatsApp’s ingoing and outgoing messages were encrypted with the same key.
This meant that by intercepting a message, you could cancel out the key and recover the plain text by analysing them
To embed this post, copy the code below on your site
Whoops! Better delete all those saucy texts…..
I feel really bad for the hacker that has to look at my n00dz… He’ll never be the same
Exposed to what? Anyone who sends anything if value on this is a plonker anyway.
It’s all about plugging holes really, isn’t it?
Seriously any sane person wouldn’t send important messages via whatsapp.
So glad I don’t have an android phone anymore
have your say