If you may have installed an Android game from its official Play Store called “Balloon Pop 2” then your Whatsapp chat must have been stolen and may have been available over the Internet for sale.
Google has recently removed a game called “Balloon Pop 2” from its PlayStore after it was discovered to be fraudulent and was stealing Whatsapp conversations database of its users, the perpetrators are even selling user’s Whatsapp database online on their very own website called WhatsappCopy.
The website content however is written in Spanish language, revealing that the developers are based somewhere in the Spain; here is the translated screenshot of the Website homepage for your ease,
Even though, the game has already been deleted from the Play Store, the apk is still available everywhere in the wild including the developer’s very own website to download, as can be seen in the screenshot above.
On the other hand, the Game/Website developers are claiming it to be a valid app by stating that their game is offering the way to back-up WhatsApp history to its users; they are even promoting it as a backing-up solution openly.
However after a little research of the website it appeared as the developer’s intentions were completely opposite of what they claimed it to be, here is another screenshot from the website with its translated version,
It translates as, “Want to be notified when you receive a new backup from phone (0331-xxxxxxx)?”
From the above screenshot it is obviously clear that anybody could get notification about the availability of anyone’s Whatsapp conversation history through an e-mail with no authentication whatsoever.
On the side note, if the developer’s purpose were to really offer backing-up solution then they would have warned its users about it at the time of installation of the game. However, this is not true because, without the provision that the users already aware about the website, they never would learn that their private chats is available to anyone who know their mobile number.
Security researcher Graham Cluley who was the first to highlight this matter, has claimed that McAffee is already working to update their Android based Antivirus to detect any script executed by BalloonPop2 application,
“McAfee tell me that they are adding detection of the offending BalloonPop2 application as Android/Ballonpoper for their customers, and I imagine other vendors will follow in due course.” He said.
which website is this screenshot?
Malware attacks increased by half in Android OS after Windows. Being open source Android could face serious issues while iOS is safe on the other hand.
Linux is open source. How many hacks and malwares do you see on Linux? (I know, I know. Android is based on Linux. I’m talking about the desktop version of Linux)
Even if it does happen on iOS, apple removes or recovers it immediately releasing iOS updates.. in Android case, we rely on our vendor who probably does not release any software for updating device to latest version of Android or fixing such issues. We stick with the software we bought year ago or change our device.
WhatsApp is known for their careless attitude towards security, stop badmouthing open source software for that. This would never have been possible if they encrypted the conversations.
Remember folks, a computer/ device can only be as secure as the user operating it. You’ve nobody but yourself to blame if you end up getting infected just because of some stupid too good to be true offer caught your eye :p
I met a person he logged in my whatsapp id within few seconds and told me about my recent messages/contacts
how he logged in ?
i don’t know, he just asked for my whatsapp number
This is still news to some??? Just Google “Whatsapp security” and read till your eyes bleed. No one should consider Whatsapp to be secure