Is WhatsApp Safe to Use? Security Review
As of 2023, WhatsApp is the most popular chatting app in the world. And it’s not even that close. With over 2 billion MAU (monthly active users) it stands heads and shoulders above its competition. That’s a big reason why Facebook (now Meta) bought WhatsApp for a mammoth $19 billion back in 2014 (
Read more). Despite the fact that it’s the most popular messenger app on the planet, WhatsApp definitely couldn’t be labeled as the most private or secure option. It does have some features going for it, but the question still stands – Is WhatsApp safe? In this article, we’ll try to answer it by overviewing its track record & history, current state, and the security tech behind the scenes.
WhatsApp – a short overview
Let’s look at the most important things that you should know about WhatsApp.
- The initial release of the app was back in January 2009
- It became the most popular messaging app in the world 5 years after its launch in August 2014.
- WhatsApp’s co-founder Brian Acton left the company in September 2017. Funny enough he started the Signal foundation which launched one of WhatsApp’s biggest competitors – Signal.
- Back in 2013, the app started asking for a $1 annual fee from users. That lasted until 2016.
- WhatsApp is available for both Android and iOS devices as an app and as a web app for your PC or Mac
- The app offers end-to-end encryption and claims that the privacy of each individual user is its top priority (Read more).
- Since it’s the most popular messaging app on the planet, it’s no surprise that there have been quite a few instances of security flaws being exposed and exploited by hackers. This was one of the more notable examples (Read more).
Here‘s how it looks when you open the app on your mobile device.
WhatsApp security – the foundation
As of right now, WhatsApp claims to have a few core features that are aimed at improving privacy and security. These are
- End-to-end encryption
- Additional layers of privacy
- Customer choice for control and privacy (e.g. last seen and online + reports and blocking)
- Chat lock
- Disappearing messages
- Silence of unknowing callers
- Encryption of data backups
We need to look at each of these one by one to better understand is WhatsApp genuinely safe to use.
End-to-end encryption
End-to-end encryption is the most bulletproof method for keeping private communications private. Even in the case of a MITM (man in the middle attack), the contents of the message are encrypted and impossible to read. WhatsApp, Signal and Skyda (e.g. the top private messaging apps) all use it.
This ensures that even WhatsApp can’t read or learn what you sent, both by text or media. Such a level of encryption significantly enhances user privacy, and it means that your data remains confidential and secure during transit. Only the intended recipient can receive a readable message on their account/device. This feature on WhatsApp is enabled by default but you can turn that off if you want to. That would be a strange thing to do, but it’s nice to know you have the option…
The illustration below shows the process of end-to-end encryption on an app like WhatsApp.
However, there are many different technologies and protocols for End-to-end encryption. WhatsApp uses the Signal encryption protocol. This is a great piece on Medium.com, analyzing everything related to Signal protocol bit by bit (
Read more). Give it a read if you’re interested in the technical nitty-gritty.
Just a side note, it’s funny to think that WhatsApp has been using the same tech for E2E encryption solution since 2014, but right now the Signal protocol is much more associated with the Signal app (which uses the same protocol), even though the app was created much later on…
As of right now, the Signal protocol is the most frequently used and probably the safest mainstream solution for encrypting digital messages. Thus in this regard, WhatsApp is quite safe.
Additional layers of privacy
- WhatsApp claims it can auto-detect suspicious activity and take proactive action, prompting you to verify your identity.
- The app uses top-tier filtering to automatically detect spam.
- No one can search for your phone number or read personal messages. They’re only available on your device.
- The app has 2FA
- You can leave groups silently (without anyone else other than admins being notified)
- Users have control over who sees their activity status)
- If someone sends view once messages, screenshotting isn’t available.
Some of the more recent additions to the list of WhatsApp features make it a safer, more private chatting app.
Disappearing messages
Ephemeral or disappearing messaging is a convenient way to have a more private messaging and communication experience.
This feature allows you to send self-destructing messages that vanish after a short period. It’s easy to toggle it on when sending a photo or video, and watch it disappear from the chat once it's viewed – just like a digital secret that leaves no trace behind!
There are also some additional features like encrypting the backup, chat locking, and blocking users. All of them add a layer of security to the app.
Why can’t you call WhatsApp a safe messenger app?
Most people want a very straightforward answer when asking “
Is WhatsApp safe?”.
The reality is that it isn’t as easy as saying Yes or No. There are many complex factors involved in the equation and all of them need to be considered.
At the forefront, you can see end-to-end encryption, and very nicely worded material on how WhatsApp has the right tools in place to keep your data safe. At the same time, you can remember how not so long ago, in November of 2022, close to 500 million WhatsApp user records came on sale in an online forum (
Read more).
The threat actor sold bundles of country phone numbers for large sums of money. As an example, Cybernews reported that they were selling the US dataset for $7,000, the UK – $2,500, and Germany – $2,000.
It’s not entirely clear whether this hacker was 100 % legit or purely fictional, but you can Google WhatsApp leak or WhatsApp scandal and see how many juicy queries pop up…
In all honesty, WhatsApp is very far from perfect when it comes to privacy. With that being said, it has done a lot to become much more secure over the years. At the same time, despite its strong end-to-end encryption, which safeguards your messages from unauthorized access, safety concerns can still arise.
One of the biggest ones is their dependence on Meta, a company that is notorious for having a profits-first, users-second type of mindset.
There is also the possibility of falling victim to phishing or social engineering attacks, where scammers attempt to trick users into divulging personal information.
Are there any safer alternatives?
From both a purely technological standpoint and as far as track record goes, you can find much safer alternatives to WhatsApp out there. Commonsense.org compiles a privacy score for more popular digital products and applications. WhatsApp got a low 55% for collecting a lot of PII, geolocation, and other sensitive data. In addition, research finds that phishers simply love WhatsApp. They prefer it over anything else. According to Kaspersky, around 90 % of all detected phishing in messenger apps is done via WhatsApp.
Other, smaller apps from different developers can do a much better job at keeping you safe. As other developers aren’t linked with companies that are trying to profit from advertising and don’t have such a large user base it is much more likely that they could provide a generally safer and more user-friendly experience.
One such app is Skyda which you can use on both Android and iOS devices. It has all of the same pros as end-to-end encryption, a user-friendly app interface, high-quality video and audio calling as well as secret chatting much more. Skyda works totally anonymously, not collecting any unnecessary PII that could pose a security or privacy risk later on. It establishes peer-to-peer connectivity between users, so files or messages aren’t stored on a server but only stay on devices and are transmitted directly.
You can use the app for free with a free plan and you don’t even need to sign up. Just download the app and you’ll instantly have a profile that’s anonymous, not linked with anything personal.
There are also additional privacy and security features
- Fingerprint unlock
- A complete data wipe after 6 incorrect PIN attempts (for added security)
- The ability to configure a duress code for instant account deletion after entering
- Self-destruction mode after a period of inactivity
- Contact information and total control over how the app works on your device
Summary
So, as you can see – answering whether WhatsApp is safe
isn’t as easy as 1 2 3.
The app has strong security measures in place but that may still be not enough to properly protect your privacy. Having a very large user base also means that it’s frequented by phishers.
Keep in mind that WhatsApp is convenient to use but it is also less safe than some of its alternatives.