Last month, a researcher pointed out a major weaknesses behind WhatsApp’s implementation of secure socket layers (SSL), a protocol that is responsible for the encryption behind users’ communications, raising serious privacy concerns. Today, WhatsApp has issued an official statement that the reports “have not painted an accurate picture and are overstated”, TechCrunch is reporting.
“We are aware of the reports regarding a “security flaw”. Unfortunately, these reports have not painted an accurate picture and are overstated. Under normal circumstances the data on a microSD card is not exposed. However, if a device owner downloads malware or a virus, their phone will be at risk. As always, we recommend WhatsApp users apply all software updates to ensure they have the latest security fixes and we strongly encourage users to only download trusted software from reputable companies. The current version of WhatsApp in Google Play was updated to further protect our users against malicious apps.”
The company has also said that WhatsApp’s current version has been updated “to further protect our users against malicious apps”. However, another report by The Wall Street Journal notes that security researcher Xuyang Li, who is also the founder of TrustGo Mobile, has discovered another potential privacy glitch in WhatsApp that occurs when users switch phone numbers.
The researcher notes that that when he downloaded WhatsApp, he inherited the account information of a woman named Jessica, the previous owner of Mr. Li’s phone number, complete with her profile photo wearing a red scarf.
Mr. Li says the incident is a reminder that users should be more vigilant about how their personal information is used by mobile apps. “Users have to change their mind-sets from the PC world to the mobile world,” he said.
Mr. Li says WhatsApp could prevent identities from being switched with additional verification and security. He said he had emailed the company and its venture backers, but hadn’t received responses.
On the contrary, WhatsApp has always claimed that it doesn’t store old messages and it does not retain much information about its users.