The Facebook-owned company uses end-to-end encryption by default, but that doesn’t mean the service’s settings are as private as can be.
In the summer of 2016, WhatsApp made changes to its security policy. The Facebook-owned company has enabled end-to -end encryption by default for more than a billion users who have downloaded it, making it the world’s largest encrypted messenger.
According to Facebook, no one can read or extract data from the content of messages sent by the user. The only people who can access them are the participants in the conversation and their phones, which act as endpoints in the encryption settings.
However, one fact was still hidden. After the introduction of end-to-end encryption, the messenger urged everyone to back up their correspondence, without saying that messages in the cloud are no longer protected by end-to -end encryption and hackers with law enforcement agencies can receive them in clear text.
The encryption that WhatsApp uses was originally developed by Open Whisper Systems, the group behind the Signal app. That WhatsApp’s end-to-end encryption really protects your messages, including files, pictures, and calls, as long as they don’t reach the WhatsApp servers.
In fact, when it comes to WhatsApp versus Signal, it is recommended to download the latter to get maximum security and privacy.
Telegram developer Pavel Durov has repeatedly given reasons to remove WhatsApp from his phone.
In 2019, the world was shocked by the news that WhatsApp turned any phone into a tracking device, making all data on it, including photos, letters and messages available to attackers.
In 2018, a critical vulnerability was discovered in WhatsApp, when hackers could download all your phone data simply through a video call.
There are dozens of such news, and every time WhatsApp supposedly fixes a vulnerability, a new one appears in its place. Just remember the recent news about text bombs that broke the application. To restore access, you had to reinstall WhatsApp, completely losing access to your correspondence, unless, of course, they are stored in the cloud, which is read by the FBI.
New WhatsApp text bombs break the app, killing phones around the world
There is currently no solution yet for this issue, so users are advised not to open messages received from unknown numbers or contacts.
WhatsApp’s shortcomings can also include a closed and well-encrypted code that does not allow independent experts and third-party developers to check the application for backdoors. Even the founders of WhatsApp made the decision to leave the company due to concerns about users’ privacy, admitting that they "sold their users’ privacy."
The best way out of the situation is to switch to a secure messenger, such as Telegram or Signal. However, since over a third of the world’s population uses WhatsApp and its popularity is unmatched, you may not be able to drag all your friends, family, and important groups to Signal, or Telegram. If you’re still being held hostage by the Facebook empire and have to use WhatsApp, here are some tips to make it as private as possible.
Now is the time to understand what data WhatsApp collects
WhatsApp is able to collect much more information about you than you might think. Much of what it collects is similar to what any other application accesses. All information can be found in the program’s privacy policy. This application is also part of Facebook, and all information is combined with other data that you provide to the social network, as well as its other resources, including Instagram.
WhatsApp knows your phone number, device information (including model, country code, and operating system), and some device usage information (when you last used WhatsApp, when you signed up, and how often you send messages). All this data is shared with other Facebook companies. Some of these data exchanges have been controversial. In May 2017, the company was fined £94 million by the EU for combining WhatsApp phone number information with Facebook data.
Any data sharing could be subject to further scrutiny in the future as Facebook seeks to combine the infrastructures of WhatsApp, Facebook Messenger and Instagram. However, it’s worth emphasizing that the content of the messages you send is not shared, as Facebook has no access to them due to end-to -end encryption, but only until you make a backup.
WhatsApp collects more information about you than what is shared with Facebook. Much of this is metadata, which can reveal user behavior. The company’s privacy policy states that it collects information about how you interact with other users (time, frequency, and duration of communication with other users), some diagnostic information about when the application crashes, and other information such as any statuses you set, group invitations, profile photos, and online status.
In addition, WhatsApp may also collect information about your phone’s battery level, signal strength, and mobile operator. Location information, when you turn it on, will also be collected by the company, there are even cookies that track user activity on the desktop and web versions of the app.
How to check your smartphone and laptop for spyware
In this article, we’ll show you how to check your phone, laptop, and online accounts to make sure no one is spying on you.
Disabling Cloud Backup
WhatsApp lets you back up your chats and data as a convenient way to move all your information to a new phone. Though it doesn’t work if you want to switch from iPhone to Android.
WhatsApp wants you to back up your data. If you have not enabled this feature, the program will prompt you to start backing up every month. But there is a very good reason why you should not back up your data to the cloud. As we said at the beginning, your message backups are not properly encrypted. This means that if someone else is accessing them, the messages can be easily read. This process, as it were, destroys the whole essence of the original end-to-end encryption.
For example, with a query, law enforcement can see how chat and message log backups are being transferred. In June 2018, former Trump campaign chairman Paul Manafort, who is now a convicted and serving seven years under house arrest, accessed WhatsApp messages with an iCloud request.
WhatsApp unencrypted backups have been a problem for years. This is one of those vulnerabilities that the company is aware of. Some reports say that WhatsApp is already testing password-protected backups, but these have not yet been widely adopted or officially introduced by the company.
Enable two-factor authentication
You should use two-factor authentication as often as possible. This is very important for accounts that contain your sensitive information such as photos and messages. This security method involves adding an extra step when logging into an account. In most cases, this is due to the use of a security code generated by the application and sent via SMS, or a physical security key. The last one is the most secure way to protect your accounts.
Using WhatsApp is different from logging into your email. It is likely that you will access the application several times a day, the average user opens the application 50 to 80 times per day. Entering the security code every time this happens would be impractical and inconvenient. Therefore, two-factor authentication should be activated, which can be enabled through the settings menu and then tap on the account using your PIN.
WhatsApp will regularly ask you to re-enter the six-digit PIN you create to access the app. The PIN will also be required any time an attempt is made to add your number to a new phone or device. When you set up a PIN, there is also the option to add an email address that can be used to reset the code if you forget it.
Protect your personal information from strangers
There is WhatsApp spam and social engineering attacks designed to steal personal information. Every few weeks a new scam will circulate where attackers want to compromise accounts. WhatsApp has even threatened legal action against those who overwhelm users with a massive amount of messages.
There are several steps you can take to limit how people interact with your account. All of them are in the settings menu – click on account and privacy. You can turn off read receipts, the two blue checkmarks that show up when someone has read your message.
More effective are steps that prevent people from adding you to groups. In the Groups section, there is an option to restrict who can add you to a group. By default, this option is set to "All". However, it can be changed to "All your contacts" or "All your contacts, except for some people" that you will block.
How to prevent Facebook from collecting data about you outside of the social network
The Facebook Corporation can track almost all of your online activities and link them to you. Placed on any page, the Like and Share buttons from Facebook track that you visited this page, even if you did not click on them. Facebook Container plugin[ https://addons.mozilla.org/en/firefox/addon/facebook-container/ …
Choosing to limit who can add you to groups doesn’t mean you can’t join groups when people aren’t in your contacts. Instead, people who want to add you to groups can invite you with a special message.
You can also turn off who is able to see your profile picture, version section, WhatsApp status, and the last time you logged into the app. When you are in the privacy settings, you should also check if you are sharing your location with anyone or not.
If you’re going for the most secure approach, it’s also worth considering what information can leak through your phone’s screen. New message notifications can include the entire message or just part of it when they pop up on the screen. If these notifications go unread, anyone who activates your device can read them without having to unlock your phone.
The notification settings are outside of the WhatsApp app. To change them, you need to go to your iOS or Android settings and notification options, where message previews can be turned off. It is likely that you will have to do this on a per-application basis.
Switching to Signal or Telegram
If you want more privacy, changing your messaging app is the best solution and well worth the time and effort. As previously mentioned, it is preferable to combine end-to-end encryption with a higher level of privacy.
Signal allows you to hide data and use facial recognition or fingerprint sensors to access messages. Messages can also disappear after a certain time, there is an option to blur people’s faces in photos and videos.
However, Signal focuses more on privacy than user experience. This is where Telegram comes to the rescue, which meets both of these criteria.