WhatsApp is at the forefront of messaging apps these days. It does boast over a billion users after all.
Now with those billion users also come a billion different people to hack into.
Thankfully WhatsApp fixed that problem somewhat by adding end-to-end encryption to all conversations. This gave the users some semblance of privacy and security.
Spring a Leak?
However, certain scenarios can’t be ruled out. What if WhatsApp itself leaks valuable personal information, despite the encryption measures in place?
Turns out that the app did indeed leak your data in a previous version of WhatsApp (back in June). YouTube user Colin Hardy discovered the issue:
To simplify the issue for everyone, Whatsapp can potentially leak data, with the problem laying with web previews. This is when you type in a website in your WhatsApp conversation and a preview (snippet) shows up above your message as you type. Most users love that and it’s a useful feature as well.
How WhatsApp Leaks Your Data
As you’re typing, WhatsApp will send queries through your IP address directly to the website.
Lets say you’re typing in YouTube.com. WhatsApp will send a request directly through your IP address (the request is traceable) to the website in question (YouTube in this case).
Despite being end-to-end encrypted, WhatsApp will leak your IP address into the wild.
So if someone malicious seems to be watching your activity, they can directly trace your IP through WhatsApp’s query.
How Twitter Avoids This Problem
Normally requests are sent through the service’s own servers. Twitter, for example, sends website queries through its own server instead of directly using your IP address. The link itself is sent in the form of plain text to the server which then requests for a preview using its own IP instead of using yours.
Fortunately WhatsApp recently got updated so they may have fixed the issue. We’re currently testing to see if the problem still persists. Until then, it is prudent to not share links until WhatsApp officially clarifies its stance on this security issue.