WhatsApp is a very popular messaging application, with more than 1-billion registered users.
WhatsApp messages are end-to-end encrypted, using the Signal encryption protocol developed by Open Whisper Systems. The encryption protocol is very secure, and Signal has its own messaging app, separate from WhatsApp.
Because of WhatsApp’s immense popularity, WhatsApp is an easy way to get your family, friends, and co-workers to begin using a encrypted communications. WhatsApp messages are far more secure than unencrypted text (SMS) messages and unencrypted chats.
According to the WhatsApp web-site, "When end-to-end encrypted, your messages, photos, videos, voice messages, documents, and calls are secured from falling into the wrong hands."
Control What you Share
You can also decide what to share with your contacts on WhatsApp, and we encourage you to think carefully before you decide to share something. Ask yourself: would you want others to see what you've sent?
Please be advised that we do not retain messages after they have been delivered, in the ordinary course of providing our service. Once a message is delivered over WhatsApp, to help ensure the safety, confidentiality and security of the messages you send we do not store the message.
However, when you share a chat, photo, video, file or voice message with someone else on WhatsApp, they will have a copy of these messages. They will have the ability to re-share these messages with others on and off WhatsApp.
WhatsApp also has a location feature that you can use to share your then-current location via a WhatsApp message. You should only share your location with people you trust.
WhatsApp Weaknesses and Vulnerabilities
WhatsApp’s parent company is Facebook, and information from your WhatsApp account, such as the telephone number you used to verify your account and the last time you logged on, may be shared with Facebook. While this doesn’t expose the content of any of your WhatsApp encrypted messages, it does associate your WhatsApp contacts with your Facebook profile.
The messages you send via WhatsApp are end-to-end encrypted meaning that only your device has the ability to decode them. This prevents your messages being intercepted during transmission, but says nothing of their safety while on your device. On both iOS and Android it is possible to create a backup of your messages to either iCloud or Google Drive. The backups that WhatsApp create contain the decrypted messages on your device. The backup itself is not encrypted. If someone wanted access to your messages, they would only need the latest copy of your daily backup. It is also vulnerable as there is no ability to change your backup location, meaning that you are at the mercy of the cloud service to keep your data protected. iCloud in particular has suffered a poor reputation for security, especially after its role in the largest celebrity leak in history. One of the supposed benefits of encryption is, for better or worse, being able to prevent government and law enforcement from being able to access your data. As the unencrypted backup is available on one of two US based cloud storage providers, all it would need is a warrant and they would have unfettered access to your messages. In many instances, this renders the end-to-end messaging encryption as redundant.
I recommend that you turn off backups of your WhatsApp messages. Also, don’t keep messages stored in your phone. Once you have read, replied, and no longer need a message - Delete It!
WhatsApp - Should You Use It?
While nothing can be 100% secure, I believe that the security offered by WhatsApp is a significant improvement over unencrypted text messages, chats, and telephone calls. Because of WhatsApp’s popularity, many people with whom you wish to communicate may already be using WhatsApp, but if they are not, WhatsApp is a free, easy, cross-platform application that anyone can quickly install.
By encouraging everyone with whom you communicate to use an encrypted means of communication - like WhatsApp - you greatly improve the security and privacy of your personal communications.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.