WhatsApp should pull up its socks about privacy with regards to 'group chats' in light of the Cambridge Analytica data scandal

WhatsApp, one of the most popular cross-platform messaging and VoIP has long maintained a fundamental distance from its parent company Facebook. [caption id=“attachment_4404799” align=“alignleft” width=“380”] Representative Image of people using WhatsApp. Image: Reuters[/caption] The company emphasised its stand as details emerged about the **Cambridge Analytica scandal** . A stand that WhatsApp has maintained ever since the acquisition by Facebook. The difference is that WhatsApp focuses on fact that it employs ‘end-to-end encryption’ on the messaging and VoIP platform the ensure that the company cannot access the content of the conversations between two people. According to an in-depth article by Vivek Wadhwa, a distinguished Fellow at the Carnegie Mellon University of Engineering at Silicon Valley, WhatsApp is not as secure as it claims to be. He added that despite the end-to-end encryption, WhatsApp is vulnerable to scandals and data scraping attempts as the one done by Cambridge Analytica. According to report on VentureBeat, Wadhwa referred to a draft paper by a group of researchers from Switzerland clarifying that the vulnerability lies in the implementation of the WhatsApp groups. The draft paper talks about how anyone on the internet can get invite links of open WhatsApp groups and join them to check on all the new messages and phone numbers of the group members. [caption id=“attachment_4391773” align=“alignnone” width=“1200”] WhatsApp and Facebook messenger icons are seen on an iPhone in Manchester, Britain March 27, 2017. Image: Reuters[/caption] What is more worrying is the fact that people with enough skill-set can automate the group joining while using an old smartphone to gather all the information about the group in the local database. What is interesting to note here is that even though the database is encrypted, the key to unlocking the database is present in the RAM of the old smartphone and skilled individuals can easily use the key to unlock the local database and then access all the data posted on the group. The authors of the research draft paper, Kiran Garimella from EPFL, Switzerland and Gareth Tyson from Queen Mary University, London joined some of the 2,000 groups that they found and showcased how easy it is for governments, marketers and hackers to join any group and get all the information. Wadhwa also added examples where Chinese government sent human rights activist Zhang Guanghong to detention for criticising China’s president, after it monitored a WhatsApp group of his friends. Here, it is likely that the government hacked Zhang’s smartphone or had a spy in that group chat. He highlighted that anyone in control of the WhatsApp server can insert other people in a private WhatsApp group without any permission from the administrator, something that requires high-level hacking skills or the access available to the government of any particular country.

One thing to note here is that WhatsApp only allows up to 256 members in one group so the scope of surveillance is comparatively much smaller than Facebook or even Telegram supergroups. However, the report added that WhatsApp needs to look at such serious flaws in its setup instead to merely distancing themselves from Facebook in such a situation else something like a #DeleteWhatsApp is not far off despite its co-founder expressing his support for #DeleteFacebook.