November 28, 2013
December 13, 2013
WhatsApp is the clear leader in messaging on mobiles, with over 300 million monthly active users. Yet WhatsApp’s security history has been less than exemplary, and the company seems to show an utter disregard for users’ privacy. For example, a joint Canadian-Dutch probe found that WhatsApp not only uploads the phone numbers of non-app users from your address book but also stores them perpetually, though it appears that this has subsequently been fixed.

In July 2013, WhatsApp also had an SSL vulnerability disclosed that could allow PayPal/Google Wallet details to be exposed when paying for its services.

Another important question is, are your conversations secure? The official stand in the FAQ sounds pretty good in theory:



Note that prior to August 2012, WhatsApp did not even encrypt its messages. Everything was sent in plaintext, which could be easily intercepted and read. If you were using WhatsApp on Wi-Fi, anyone could snoop the airwaves and read what you were sending and receiving word for word. In fact, tools such as WhatsAppSniffer were designed to intercept these messages, so it was pretty darn easy for the average Joe to do so.

Subsequently, WhatsApp implemented encryption, but very poorly: it left your mobile number unencrypted and, worse, used your IMEI number or your MAC address as the basis for its cryptographic keys (in layman’s terms, passwords). This is a bad idea since MAC addresses and IMEIs can be easily discovered.
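Why a key built from a device identifier protects so little, shown as an added example that is not from the original article or from WhatsApp's code. The SHA-256 derivation, the function names and the sample identifiers are assumptions for illustration, since the article does not say how the key was actually computed.

```python
import hashlib
import math
import secrets

# Constructed sample identifiers, not taken from any real device.
SAMPLE_IMEI = "490154203237518"    # 8-digit TAC + 6-digit serial + 1 check digit
SAMPLE_MAC = "00:11:22:aa:bb:cc"   # 24-bit vendor prefix (OUI) + 24-bit device part


def luhn_valid(imei: str) -> bool:
    """The last IMEI digit is a Luhn checksum: computable, so it adds no secrecy."""
    total = 0
    for i, ch in enumerate(reversed(imei)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return len(imei) == 15 and total % 10 == 0


def weak_key(device_id: str) -> bytes:
    """Anti-pattern: the key is a pure function of a value other parties can learn.
    SHA-256 is an assumed stand-in; hashing adds no secrecy to a known input."""
    return hashlib.sha256(device_id.encode()).digest()


def strong_key() -> bytes:
    """Hardened form: 256 bits from the OS CSPRNG, generated once per account."""
    return secrets.token_bytes(32)


def unknown_bits(source: str, prefix_known: bool = True) -> float:
    """Upper bound on what an outsider does not know about each key source.
    Once the identifier itself has been seen, the real figure is zero."""
    if source == "imei":
        # The TAC identifies the handset model; the check digit is derived.
        return (6 if prefix_known else 14) * math.log2(10)
    if source == "mac":
        # The OUI identifies the vendor; the full address is visible in Wi-Fi frames.
        return 24.0 if prefix_known else 48.0
    if source == "random":
        return 256.0
    raise ValueError(f"unknown key source: {source}")


if __name__ == "__main__":
    print("same key from a learned identifier:",
          weak_key(SAMPLE_MAC) == weak_key("00:11:22:aa:bb:cc"))
    for src in ("imei", "mac", "random"):
        print(f"{src:>6}: at most {unknown_bits(src):.1f} unknown bits")
```

The fix is to generate the secret randomly and store it, so that knowing the handset's identifiers says nothing about the key.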



WhatsApp subsequently fixed this as well, but its woes do not end there! As recently as October 2013, Thijs Alkemade, a Dutch mathematics and computer science student, found more security flaws that render WhatsApp’s encryption useless, and to date there has been no official comment or fix from WhatsApp.

So what other alternative IM clients are there that are secure?

BBM, which is now also available on Android and iOS, is possibly the best widespread alternative with high-grade security, though there are questions as to how it would comply with government requests, as it has been pressured by India into revealing its cryptographic keys so that the Indian government can spy on BBM messages. Furthermore, the Snowden leaks do indicate that the NSA does have some capability against BBM. iMessage is probably OK for casual security but can be broken by authorities. WeChat is horrible security-wise and can probably be compelled by the Chinese authorities to hand over data. LINE is even worse, as messages are sent in plaintext.

Silent Circle is excellent, with a very high security and privacy focus, but it requires a monthly fee. Threema and Chat Secure are interesting alternatives, but adoption remains low. There is no one app that offers both widespread adoption and high security (though if I had to pick, it would be BBM). I hazard a guess that no one would stop using WhatsApp because of this article; however, if you do want to speak on sensitive matters, use a different IM client.


  1. aseer says:

    If I’m using a VPN and WhatsApp, when I send my message to my friend it will be encrypted from my ISP, but if my friend receives my message and he is not using a VPN, would it be possible that my message will be exposed?

  2. Paklan says:

    How about Telegram Messenger? They claim it to be the most secure IM ever built.

  3. cdd says:

    Telegram messenger is totally safe! And keep in mind they don’t stock nothing on servers neither, like WhatsApp. The encrypted chat is quite ok and it still beats Facebook messenger. Facebook just a peek into your contacts, that’s why it bought WhatsApp. And we might all wonder where the money came from … maybe Snowden knows? 🙂

    So I switched to Telegram which is FREE, SECURE, and has NOTHING to do with bookface.

  4. DeathKnight says:

    Thanks for the info, what about Viber and Skype?

