On the 10th of April this year, Mark Zuckerberg while testifying before the told them that Facebook systems do not see the content of messages transmitted via WhatsApp thanks to end-to-end encryption feature of the messaging app. The hearing took place after reports about the social networking site’s alleged data breach scandal opened up. The reports alleged Facebook of compromising with the personal data of over 87 million users to Britain based Cambridge Analytica. This confirmation from the CEO and founder of the world’s most popular social networking website was seen as a relief to all the users of WhatsApp who were concerned over the aftermaths of data breach scandal.

Digital evolution must no longer be a customer trade-off between privacy and security. Privacy is not to sell, it's a valuable asset to protect.”

But the question is that how much of it is to be believed? The answer is that Facebook can potentially access your WhatsApp data and therefore Zuckerberg cannot be completely relied upon.    

HOW CAN FACEBOOK INTERCEPT THE ENCRYPTED WHATSAPP MESSAGES?

Loopholes and backdoors have been common to any political, social or technological system. Same has been the case with the WhatsApp messenger. A security backdoor has been found within the WhatsApp messaging service that can be used by Facebook to intercept the encrypted message on the world’s most popular messaging app. Facebook has always claimed that no one including its staff and members can intercept messages sent via WhatsApp but in fact, it can read the messages because of the way the latter has implemented its end-to-end encryption protocol.

The end-to-end encryption protocol of WhatsApp depends upon the generation of unique security keys, using the acclaimed signal protocol, developed by Open Whisper Systems, which are traded between and verified by the customers to procure guarantee as to the security of their messages via WhatsApp against any middleman. However, the problem is that WhatsApp has the ability to generate new encryption keys for offline users without the knowledge of the sender and the recipient of the message. This is to make the sender re-encrypt messages with new keys and resend them, for the messages that haven’t been marked as delivered. The recipient is not made aware of the re-encryption whereas the sender is told about it only if he has opted for encryption warning in settings that too after the messages have been resent. This re-encryption and rebroadcasting make it possible for Facebook to intercept and read users’ messages.

woman holding black smartphone at Whatsapp logo
Photo by Rachit Tank / Unsplash

This security backdoor was discovered by Tobias Boelter who is a cryptography and security researcher at the University of California, Berkeley. He once said while speaking to the Guardian, “If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys."

WHAT CAN YOU DO TO KEEP YOUR WHATSAPP CHATS SAFE?

So now we have got an idea of how messages via WhatsApp can be intercepted and read by others. If Facebook can do it then others can too. So it is utmost important for every WhatsApp user to keep in mind the following points so as to keep your chats a bit more safe if not completely safe.

  • Lock WhatsApp – One of the best and easiest ways of protecting your chats is to protect your app with a password or PIN. WhatsApp itself doesn’t provide this function but there are other apps to do so. If your phone is lost the app lock will ensure that no third person accesses your personal data.
  • Block WhatsApp – Photos from getting saved in Camera Roll – Excluding WhatsApp images from camera roll provides another layer of security to your phone in case it is stolen or lost or hacked into. But as a matter of fact, this is not a 100 per cent bulletproof solution.
  • Hide your ‘last seen’ stamp – You might think that this is not something that can land you into a problem but when this information is combined with some other information about your WhatsApp account then this combination can prove very useful to them. So my recommendation to you is to restrict who sees your ‘last seen’ time in WhatsApp.
  • Restrict access to your Profile Picture– Your WhatsApp profile picture is present at numerous places on the internet be it Facebook, LinkedIn or Twitter. If everyone has access to your WhatsApp DP, then it is very easy for any person to find out more about you using Google Image search. So share your profile picture only with your contacts.
  • Beware of Scams – WhatsApp never tries to contact you via the app. WhatsApp also does not send any emails about chats, voice messages, payments, changes, photos, or videos unless we initiate the conversation with them seeking any help. So if you receive any emails from people claiming to be WhatsApp personnel then beware as this is the beginning of a scam.
  • Deactivate WhatsApp if you lose your device – WhatsApp offers its users to control their account even when they have lost their phone. It is always recommended that whenever you lose your mobile phone, you should immediately activate your account in another phone with a replacement SIM as WhatsApp can only be used by one number on one device at a time. If this is not possible then deactivating your account is the best available option.
  • Be careful about what you talk about– Common sense helps you to get out of every problem. So try and be careful while talking on WhatsApp. Don’t send sensitive information via this handle like phone numbers, bank details, credit card details etc. and also try avoiding information that can be used against you.

CONCLUSION

WhatsApp has become a very significant part of our lives. It would be very difficult to imagine our day without WhatsApp. But a utility can become a dis utility any moment if not used judiciously. Benefits of WhatsApp totally outshine the minute data privacy issues related to it but a few steps from our side can if not completely but partially vanish such issues. Take WhatsApp a bit more professionally and use it for formal purposes most often rather than sharing your personal sensitive information that can be used against you. But nothing to worry as there have not been any reported cases of Facebook misusing your messages on WhatsApp but there is always an element of risk.