WhatsApp’s faulty privacy settings
A simple web-based tool developed by a Dutch university student can be used to track Whatsapp users even if they have enabled the messaging app-'s...
A simple web-based tool developed by a Dutch university student can be used to track Whatsapp users even if they have enabled the messaging app's strictest privacy controls. The open-source tool known as WhatsSpy Public can retrieve a user's profile photos and status messages as well as display a timeline of when he or she was actually online.
Developer Maikel Zweerink points out that this is not a hack or an exploit ofWhatsApp's systems, but a result of the way it was designed. The app offers three privacy settings: Last Seen, Profile Photo and Status. Users can choose whether each of these can be seen by everyone, only by his or her contacts, or by no one. The Last Seen setting does not prevent users from seeing that other users are online, although it seems to imply that.
Zweerink's tool is a rough proof-of-concept that aggregates this information and displays a timeline of when exactly any user was online, as well as changes to his or her profile pictures and status messages. Two users' presence histories can be loaded and compared side by side. There is no tracking of actual messages and no way to know if or when messages are being exchanged.
In a blog post on his own website, Zweerink states that he considers WhatsApp's privacy features broken because even though they are working as intended, users are led to believe they are more protected than they actually are. WhatsSpy Public is freely available but needs to be downloaded and installed on a Web server.
It requires a SIM card with a number not used by WhatsApp, a rooted Android device or jailbroken iPhone, and 24x7 Internet access for tracking. For those who don't have the resources required but would still like proof, Zweerink offers to carry out a scan for anyone who wishes to email him their own phone numbers. WhatsApp, now owned by Facebook, claims to have over 700 million active users, more than 70 million of which are in India.