When WhatsApp decided to let users hide or display the ‘Last Seen’ info, many hurried to disable a feature they considered a breach of privacy. However, shortly after came the blue check marks, which caused angry reactions from users who considered it yet another intrusion into their privacy. The new feature proved to be rather unpopular among many, and so, the instant messaging service decided to let users disable the annoying tick marks and breathe a big sigh of relief.
Despite all the measures you may take to hide as many details as you can about your digital life, a lot of that information is still available to third parties. For example, even if you change your WhatsApp privacy settings, any would-be snooper can still see the time when you are online.
WhatsApp is aware of this design flaw since the end of last year; however, they haven’t done anything about it. Users are normally not aware of this bug, so it has been mostly overlooked.
Now, however, Dutch developer Maikel Zweerink has released an application that demonstrates that WhatsApp users’ online status and other information can be monitored, even with the strictest privacy settings: WhatsSpy Public.
The name might ring a bell as it is similar to another tool, WhatsSpy, which claimed to have similar features to WhatsSpy Public (or even more invasive), even though it turned out to be a fraud.
Even if the ‘Last Seen’ option is disabled, WhatsSpy Public can still track the user’s online status, as well as the last time of connection and any changes made to profile photos. Zweerink’s intention is not to provide snoopers with the perfect tool to spy on other people indiscriminately, but highlight the messaging service’s ineffective privacy options.
Everything started as an experiment. Zweerink was trying to build a bot for personal use, when he realized that someone could use a similar tool to track other people’s digital footprint. He then decided to develop an app to fully expose and share his discovery with other people.
Once the app is installed, all you have to do to retrieve the online status of any telephone number is to add it to your contacts and open a chat window, without alerting the phone number owner or asking for their permission.
The bot displays the victim’s information in the chat window, just as if the snooper had actually subscribed to the other user’s account. Attackers could use the tool to track any WhatsApp user they choose to follow, even though Zweerink explains that the app is not designed to support a large number of requests.
Maybe it is not too serious that other people may know when you are online or not, but Zweerink believes it is unacceptable that WhatsApp’s privacy settings simply don’t work. In his opinion, the company is giving users a false sense of security by ensuring it protects some private information it actually doesn’t protect.
Zweerink also warns that this information could be used not only by friends or contact but also by companies. Many Internet advertisers use the trace people leave on the Internet (the Web pages they visit, their online activities, etc.) to design custom advertising campaigns; and they could do the same with your WhatsApp information.
A spokesperson for WhatsApp recently denied Zweerink’s accusations that the app’s security settings are broken, explaining that the Dutch researcher’s tool simply gathers publicly available data. And that’s precisely the point that Zweerink is trying to make: the fact that some WhatsApp user information is simply there for anyone to see no matter what you do.
The post WhatsSpy Public: The app that spies on WhatsApp users appeared first on MediaCenter Panda Security.