Almost all messaging apps have support for link previews, a convenient feature that expands any website links you send or receive in a chat with images and a brief description. However, a recent study has shown that these previews can leak sensitive data, drain your battery, and consume limited bandwidth.
For an app to generate a preview, it has to visit the link, open the file that’s in there, and survey it. This can leave you vulnerable to malware, or force an app to download files that are too big, causing it to crash, drain the battery, and consume bandwidth.
Some of the worst offenders in this list of apps included messengers from Facebook, Instagram, LinkedIn, Line, and a few others. Some cases of these apps were found with vulnerabilities such as leaking IP addresses, unnecessarily downloading gigabytes of data in the background, and exposing links sent in end to end encrypted chats.
Facebook Messenger and Instagram showed the worst results as they would download a copy of a linked file in its entirety, even if it was gigabytes in size. Most other apps would cap the amount of data anywhere from 15MB to 50MB.
Though the positive side of this study showed that most apps were doing things the right way by giving users the option to show previews for links. This included Signal, Threema, TikTok, WeChat, and a number of others.
Regardless, the findings of the research act as a good reminder that private messages aren’t always private.