One of the most popular apps on smartphones today is the Facebook-owned messaging application WhatsApp. With well over one billion users, the messaging giant goes from strength to strength. But with recent coverage of security issues with the app, and its somewhat controversial data-sharing policy with Facebook, should we be worried about our privacy?
It’s probably helpful to address this question by looking at the two types of information we exchange when we use WhatsApp. Let’s refer to them as message data (the data within your messages) and non-message data (information like your phone number, your contacts, the frequency with which you use the app, and metadata).
Something I have always taken solace in is the fact that WhatsApp uses a type of encryption called ‘end-to-end’ (E2EE), which ensures that a conversation can only be read by the sender and recipient, and not by a middleman such as WhatsApp itself. We can argue about the importance of such issues when the majority of our messages involve picking up some milk or what time to meet at the pub, but I think it’s also fair to say that ensuring the privacy of our messages cannot be a bad thing.
your messages are end-to-end encrypted by default. When your messages are end-to-end encrypted, only the people you are messaging with can read them – not WhatsApp, Facebook, or anyone else.
This month the Guardian claimed that a ‘backdoor’ (a security vulnerability or loophole in an application) had been discovered which would allow third parties to read your messages. This claim has been somewhat discredited by a selection of security professionals who feel that the story is something of a red herring. They claim that the so-called loophole is less a sinister opportunity for intrusion into our private lives and more a necessary evil for an application with close to a billion users. Without diving headlong into the jargon-heavy world of encryption, the issue is essentially with how WhatsApp handles its encryption while your phone is offline. If you’ve changed your phone, changed your SIM card, or reinstalled WhatsApp, you will require a new set of encryption keys (security codes), and any messages sent to you while your phone was offline will be re-encrypted with the new ‘password’ or key. The concern is that if someone were to duplicate the SIM card of the receiver’s phone, they could intercept these messages. As is the case with many of these types of issues, the risk to the average user’s security and privacy is minimal. WhatsApp has responded to the recent adverse coverage by stating:
“In WhatsApp’s implementation of the Signal protocol, we have a ‘Show Security Notifications’ setting (option under Settings > Account > Security) that notifies you when a contact’s security code has changed. We know the most common reasons this happens are because someone has switched phones or reinstalled WhatsApp. This is because in many parts of the world, people frequently change devices and SIM cards. In these situations, we want to make sure people’s messages are delivered, not lost in transit.”
In looking at what is happening to our ‘non-message’ data (our phone number, contacts, the frequency with which we use the app, metadata etc.), we must look to the application’s Terms and Conditions implemented in August 2016. They give us a good idea of what the Mountain View firm has planned for the future. In a press release, the company acknowledged its intention to develop the application for enterprise, as well as closer integration with Facebook and its advertising platforms:
By coordinating more with Facebook, we’ll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp. And by connecting your phone number with Facebook’s systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them. For example, you might see an ad from a company you already work with, rather than one from someone you’ve never heard of. You can learn more, including how to control the use of your data, here.
It’s hard to figure out from the above statement exactly how Facebook could offer me ‘better friend suggestions’ using this type of data, but having seen this week the effects that collecting seemingly innocuous data can have on our world, we can only conclude that all data, when viewed at a macro level, can be hugely powerful. The bottom line is that Facebook is looking to monetize its 20 billion dollar acquisition. With its massive success, it’s no surprise that the early idealism outlined by co-founder Jan Koum in 2012, in a defiant screed titled “Why We Don’t Sell Ads”, has succumbed to the weight of the colossal number of users and the potential earnings they bring.
“These days companies know literally everything about you, your friends, your interests, and they use it all to sell ads,”
Jan Koum, 2012
So, in conclusion, unless you are living or working in the security or espionage industry, I don’t think you need to be worried about your privacy when it comes to WhatsApp…for now. However, do try to stay up to date and informed, for it may be only a matter of time before Facebook wants to peek into our ‘private’ conversations.😱