WhatsApp May Be Leaking Your Personal Data

WhatsApp is at the forefront of messaging apps these days. It does boast over a billion users after all.

Now with those billion users also come a billion different people to hack into.

Thankfully WhatsApp fixed that problem somewhat by adding end-to-end encryption to all conversations. This gave the users some semblance of privacy and security.

Spring a Leak?

However, certain scenarios can’t be ruled out. What if WhatsApp itself leaks valuable personal information, despite the encryption measures in place?

Turns out that the app did indeed leak your data in a previous version of WhatsApp (back in June). YouTube user Colin Hardy discovered the issue:

To simplify the issue for everyone, Whatsapp can potentially leak data, with the problem laying with web previews. This is when you type in a website in your WhatsApp conversation and a preview (snippet) shows up above your message as you type. Most users love that and it’s a useful feature as well.

How WhatsApp Leaks Your Data

As you’re typing, WhatsApp will send queries through your IP address directly to the website.

Lets say you’re typing in YouTube.com. WhatsApp will send a request directly through your IP address (the request is traceable) to the website in question (YouTube in this case).

Despite being end-to-end encrypted, WhatsApp will leak your IP address into the wild.

So if someone malicious seems to be watching your activity, they can directly trace your IP through WhatsApp’s query.

How Twitter Avoids This Problem

Normally requests are sent through the service’s own servers. Twitter, for example, sends website queries through its own server instead of directly using your IP address. The link itself is sent in the form of plain text to the server which then requests for a preview using its own IP instead of using yours.

Fortunately WhatsApp recently got updated so they may have fixed the issue. We’re currently testing to see if the problem still persists. Until then, it is prudent to not share links until WhatsApp officially clarifies its stance on this security issue.

A techie, Overwatch and Street Fighter enthusiast, and Editor at ProPakistani.

  • Who cares about leaks when whatsapp can easily be hacked. You have to scan the code once and the victim is permanently busted leaking all chats and shared media.

    Don’t hand over your phone to anyone specially any hardcore android user. There are many apps available on android store that can be used to hack whatsapp.

    • You can simply log out from browsers, option given in app… It’s your fault you give your mobile to others.

        • It’s the number one rule actually that if you access services like these in a computer that is not yours then it is your responsibility to logout from those services as well. So no, only irresponsibility can get your privacy breached in browser based WhatsApp.

      • I repeat: IT CAN NOT BE HACKED. Hundreds of security researchers have tried & failed to find problems.

        It is telling that you don’t know “how” it was done, you just know it happened. Your experience vs experience of people who are trained to break into software suggests the problem was NOT WhatsApp but some other flaw.

    • If you give your phone to someone else, you have violated first law of security: YOU GIVE OTHERS PHYSICAL ACCESS.

      Once other people have physical access, you lose. It does not matter what kind of phone or computer or software you have.

      So your described situation HAS NOTHING TO DO WITH WHATSAPP.

  • This is not just about WhatsApp and it is not a shocker.

    All these social networking sites, they are doing the same. Ahm ahm *facebook*.

    • Don’t say anything about FB.
      People will not believe you because FB is saint.

      • The thing is, we Pakistanis put so much personal info there. Like what are our hobbies, study details, job details and so much more. Every thing is filled in perfect details. Then they use status updates for each and everything they do. It is obvious that this kind of info is a gold mine for you-know-who for targeted campaigns.

        • Plus we gave FB our phone number too and access to our contacts too. Matlab k zindagi hi pori khol kr day di unhain.

  • Telegram is far more better than whatsapp, specially in terms of security and features, they even now have bots and other unique features which whatsapp should adopt with it’s security features, but they so lag behind in the updates, and most of the updates are just bug fixes..

  • close