The privacy of WhatsApp’s Android application can be compromised by granting any Android application access to the smartphone’s SD card, according to technical consultant and chief technical officer (CTO) at Double Think, Bas Bosschert.
Bosschert posted evidence of his findings on his blog, saying: “The WhatsApp database is saved on the SD card which can be read by any Android application if the user allows it to access the SD card.”
The consultant used an Android app to upload a message database to his web server in order to demonstrate his findings
He said that by combing applications with installation instructions for unauthorised software, a malicious user could harvest message databases.
“We can conclude that every application can read the WhatsApp database and it is also possible to read the chats from the encrypted databases,” Bosschert said.
“Facebook didn’t need to buy WhatsApp to read your chats,” he said.
HumanIPO reported this week the Electronic Privacy Information Centre (EPIC) had urged America’s Federal Trade Commision (FTC) to launch an investigation into Facebook’s acquisition of WhatsApp.
The privacy group said the social network was planning on incorporating WhatsApp’s user data into its profiling business model.
According to EPIC, users had signed up for the instant messaging service under the pretense that detailed personal information would remain private.
“The proposed acquisition will therefore violate WhatsApp users’ understanding of their exposure to online advertising and constitutes an unfair and deceptive trade practice,” it said.
Image courtesy of Shuttershock
