WhatsApp users may want to be more careful when installing apps on Android, as a vulnerability may reportedly allow others to read their messages.
The cross-platform messaging system is very popular worldwide, and has drawn even more interest when Facebook acquired it in a monster $19 billion deal. According to an IT specialist in the Netherlands, however, WhatsApp users should pay extra attention when downloading other Android apps, making sure to read the app's permissions very carefully. Otherwise, someone else could end up accessing their WhatsApp chat history.
The warning comes from Bas Bosschert, a technical consultant with more than a decade of experience working with Linux and Unix. According to him, developers can trick WhatsApp users into granting them access to their whole message database through other Android apps.
Considering that WhatsApp backs up all users' messages on their device's SD card, rogue apps could easily gain access to one's message database if given permission. Since many users don't really take the time to read all app permissions when downloading a new application, the scenario doesn't seem too farfetched.
In a blog post on Tuesday, March 11, Bosschert has detailed just how one could create such apps. The specialist offered several screenshots that show a code. If that code was added to an Android game, for instance, it could be used to extract a WhatsApp user's message database, the post explains.
"During the upload of the WhatsApp database files we will display a simple Loading screen, so people think the application is doing something interesting in the background," Bosschert notes in the blog post.
"People would only see a loading screen when they started the game," he further explained to Business Insider in an email. "They wouldn't notice that their WhatsApp database has been uploaded.
Google currently keeps apps that "collect information without the user's knowledge" from being available through its Play store, but a few intruders have nonetheless managed to squeeze in.
Users can avoid facing security breaches by carefully verifying an app's source and reading the app's permissions before proceeding to install it. It is also highly advisable to download and install apps only from trusted sources. When it comes to user privacy and security, one can never bee too cautious.