WhatsApp security settings proved vulnerable with WhatsSpy Public

By | February 13, 2015

WhatsApp has never been a big fan of privacy considering its blue ticks and Last seen feature; but it has worked on the privacy setting to secure the details of its users. Despite all its measures to secure features, recently, a new security issue has been raised that lets one track any user.

WhatsSpy public

While the users of the app have endowed the app with privacy controls and encryption to secure messages, usage pattern, profile picture and status message are still vulnerable. A serious flaw has been detected in a cross-platform mobile messaging app that enables a user’s status to be tracked and also watch their changing profile pictures, privacy settings or status messages no matter what their privacy settings are.

WhatsSpy Public tracks WhatsApp user activities

WhatsSpy Public tracks WhatsApp user activities

Thanks to a Dutch university student for not only alerting the world about the security flaw but also seeking it out. Maikel Zweerink, a Dutch university student has developed a web tool, WhatsSpy Public to track every move of any WhatsApp user. The web tool shows how vulnerable the app could be. Also, he mentions that, “the application is set up as a Proof of Concept that Whatsapp is broken in terms of privacy.”

Once the application is set up, users can track Whatsapp users they want to follow. It can even keep track of activities like online/offline status, profile pictures, privacy setting and status messages. The requirements of the tool is very simple – a SIM card or non-Whatsapp used phone number, a rooted Android phone or jailbroken iPhone or knowledge of PHP code and a web server.

Zweerink has pointed out that his tool has exposed that even a non-WhatsApp account hacker can monitor the activities of a WhatsApp user even if the privacy settings are turned on. He has even invited users to send people’s phone numbers to check the proof in case of doubt on Zweerink’s claim.

The social networking app owned by Facebook, boasts more than 700 million users. It is surprising that this security flaw comes just months after WhatsApp introduced improvements to its security measures. It is a lesson for everyone to be careful not when they are on internet, but even when they are using web-based services like WhatsApp.