A software engineer has discovered a critical vulnerability with popular messaging app WhatsApp that allows anyone to track a user's activity. While the vulnerability cannot be used to access messages, the flaw can be exploited to track sleep activity.
Robert Heaton, who found the flaw, states on his website that the tracking is done using the user's 'last seen' and 'online' status data. Tracking this data, the hacker can potentially check up on an individual's activity at any given time.
The report also mentions that there is no way a user can get around this hack. WhatsApp does allow the option of selecting whether users want to share their 'last seen' status with your 'contacts only', 'everyone' or 'no one'. However, it does not have a similar mechanism for blocking out users from seeing when a user was 'online'.
This data can also be used to potentially figure whether an individual is talking to another on the messaging app by minutely matching when the two individuals go online.