WhatsApp is a really popular chat app – they recently crossed the 2 billion user mark. The Android app also crossed the 5 billion install mark on the Google Play Store and follows in the footsteps of its owner, Facebook – its the tenth app to reach that spot.
Facebook had bought it for $19 billion when it had 450 million users.
WhatsApp has had it fair share of security issues with the recent and major one that Jeff Bezo’s phone was hacked through an infected WhatsApp file.
The app isn’t the safest among its peers such as Telegram whose founder, Pavel has openly said is dangerous to use.
For encryption, WhatsApp uses the Signal Protocol that was developed by Open Whisper Systems -an open-source software ran by entrepreneur, security researcher and cryptographer Mathew Rosenfield(he goes by the pseudonym Moxie Marlinspike)
He was a former head of the security team at Twitter.
This same protocol is used by Signal, another privacy-focused messaging app, Allo, Facebook Messenger and Skype.
Facebook can’t read your WhatsApp messages thanks to this end-to-end encryption.
What Data WhatsApp collects
WhatsApp collects alot of data and this includes information users provide, information the app collects and third-party information.
It’s worth stressing that WhatsApp doesn’t store your messages, only the undelivered ones that are stored in their servers for up to 30 days as they try to deliver them.
Information you provide includes your account information, your messages, your connections and customer support. Information WhatsApp collects automatically include usage and log information, transactional information, device and connection information, cookies and status information.
Third-party information inlcude information other people provide about you, third-party providers and third-party services.
Facebook, the company that owns WhatsApp has come under intense scrutiny now that they intend to merge its messaging platforms between WhatsApp, Instagram messaging and Facebook Messenger.
The European Union recently fined Facebook after it told regulators that it couldn’t share WhatsApp phone numbers and Facebook data and they went ahead and did it.
How do I protect my privacy and stay secure on WhatsApp
Disable Cloud Backups
Cloud backups are allowed on the app and are helpful when you get a new phone and want to keep your previous chats.
The reason why you’d want to disable cloud backups either on Google Drive on Android or Apple iCloud on iPhones is that these cloud services can handover your data when law enforcement request for it.
It’s unclear if WhatsApp informs a user when their account is being searched – its parent company Facebook lets know their account is being searched unless when they’re ordered not to.
These backups aren’t encrypted very well and thus your messages can easily be read.
“There is no middle ground: if law enforcement is allowed to circumvent encryption, then anybody can,” said Amnesty International in an open letter to Facebook.
It’s worth noting that WhatsApp doesn’t have open law enforcement guidelines like Facebook. WhatsApp can be ordered to install a pen device that provides metadata which WhatsApp’s encryption doesn’t keep private. Other pen registers can collect more information such as device identifiers and IP addresses.
The metadata WhatsApp collects is enough to help federal agencies figure out the behavior of a person of interest.
Signal doesn’t store any such metadata – however, contact numbers are shared with Signal servers. Signal then uses hash encryption algorithms to bruteforce these hashes.
“The best practise is to purge this information(metadata),” said Neema Singh Guliani, legislative counsel with the American Civil Liberties Union (ACLU).
Early this year, it was revealed that WhatsApp was working on password protected backups.
Set up Two-Factor Authentication
Two-factor authentication is a very important feature that you should not only enable on WhatsApp but also on all your online accounts.
You can either choose text based, app based or hardware based(physical security key) 2FA methods.
SMS based is easiest to setup and more adaptable for most users.
Each time you want to verify your phone number on WhatsApp, you’ll be required to create a six-digit pin created with two-step verification on the app.
Simply, open WhatsApp then head to Settings > Account > Two-step verification > Enable.
You can then opt to add your email address so that WhatsApp sends you link via email to disable two step verificatuon in case you forget your PIN.
Once setup, WhatsAp will irregularly prompting you to reenter the PIN. These prompts will come in handy especially if another perosn is trying to add your number to a new device without your knowledge.
Manage how people can interact with your account
One of the first steps is to disable read receipts. Here’s a handy guide on how to do that for WhatsApp and other social media apps.
Control who adds you to Groups by heading to Settings > Account & Privacy > Groups and then opt out of the “Everyone” option which has been enabled by default to either “All of your Contacts” or “All of your contacts except the people you’ve blocked.
This ensures that people who want to add you to groups randomly will have to send you a text message for your consent.
You can also limit who sees your profile photo, about section, last seen, live location and the about section too.
Another step you can take is disable notifications for both that appear on the lockscreen or the notification shade so nobody reads the message preview without having to open the phone or the app itself.
Here’s a step by step guide on how to do that.
You should do this on per app basis and not just WhatsApp only.
Articles in this stream
Here’s how to protect your privacy and stay secure on: