WhatsApp is hailed as the next big thing in SMS text messaging, capable of delivering international and domestic text-based messages through a phone’s data plan instead of using up the user’s monthly text allowance. However, a recent flaw in the interaction between WhatsApp and several Android phones has made the privacy of these conversations somewhat questionable.
Bas Bosschert, CTO for DoubleThink, was the first to discover and later post this method for accessing WhatsApp chats, which remains a problem even after Android’s most recent software update. The vulnerability, however, is less of a problem with WhatsApp or Android, but more of how the WhatsApp information is encrypted.
WhatsApp stores information, including conversations within the app, on the host phone’s SD card for easy access. Other apps utilize the SD card and access it for their information as well, and the only thing preventing an app from having access to the data relies on the user’s permission settings. Unless an app has explicit permission to access that part of the phone’s data nothing can happen, yet many apps ask for full access to the phone for convenience’s sake. From here, it only takes one wrong step and a single malicious app that could then access the WhatsApp data on the card.
Users rarely verify whether the apps they are downloading are legitimate, and it’s even rarer that they end up reading the entire list of what an app wants access to before they install it, and by that time it’s too late. WhatsApp has attempted to counteract this by encrypting their data better, but Bosschert has reportedly been able to decrypt the most recent iteration of the program, and even implemented a cute loading screen for the user to watch and be distracted from their files being stolen.
The “hack” is more of an issue for how data is stored and how users can be manipulated into downloading malicious apps, a program that has plagued computer users since the dawn of the Internet. Ultimately, the best solution to this problem involves a mixture of improving data storage settings while educating smartphone users to be very careful with what they decide to download.
Edited by
Rory J. Thompson 
QUICK LINKS 
