WhatsApp is one of the world’s most widely used messaging apps. While the makers of the app have endowed the app with privacy controls and encryption to secure your messages, your usage pattern, profile picture and status message are still vulnerable. A simple software can be used to bypass your privacy settings on the mobile messaging app.
The vulnerability has been demonstrated by Maikel Zweerink, a Dutch university student who has developed Whatsspy, a web tool that can track every move of any WhatsApp user.
The student mentions that “the application is set up as a Proof of Concept that WhatsApp is broken in terms of privacy.”
By setting up a web server, users can track the Online/Offline status (even with privacy options set to “nobody”), profile pictures, privacy settings and status messages of users. The tool can even show on a timeline when exactly the user was online and for how long, and even lets you compare it to another tracked user.
To run the tool you need a secondary WhatsApp account (a phone number that hasn’t been registered earlier with Whatsapp), a rooted Android phone or jailbroken iPhone or knowledge of PHP code, and a web server, among others.
The developer of Whatsspy has invited users to send in their phone numbers if they want proof without setting up the server.
Recently, researchers had discovered security flaw in WhatsApp pictures that could show users’ profile picture to everyone even when they have been set to be viewed by friends only.
via: Times of India