A recent discovery by security researcher Tal Be’ery has revealed that anyone with access to your WhatsApp number can determine whether you are using the mobile app or its companion web or desktop apps. This finding has raised concerns among digital security experts, as it could potentially expose users to targeted attacks.
Key Takeaway
WhatsApp users should be aware that their device usage can be tracked by others, potentially exposing them to privacy and security risks.
Unveiling WhatsApp Usage
Be’ery demonstrated that it is possible to discern if a WhatsApp user is utilizing the app solely on their mobile device or across multiple devices. While this may not seem like a critical security breach, experts warn that it could provide valuable information for potential attackers, making users more vulnerable to security threats.
Potential Risks and Concerns
Digital security expert Runa Sandvik emphasized that this revelation could aid hackers in gathering information and devising targeted attacks, particularly if they identify that a user is accessing WhatsApp on a desktop, which is often considered an easier target for compromise.
Harlo Holmes, the chief information security officer at the Freedom of the Press Foundation, highlighted the privacy implications of being able to discern a user’s device usage on WhatsApp. Holmes suggested that WhatsApp should offer an opt-out feature for device indicators, similar to the options available for disabling read receipts and typing indicators.
WhatsApp’s Response
Meta’s spokesperson, Zade Alsawah, acknowledged Be’ery’s research and defended the app’s current design, stating that it aligns with users’ expectations. Alsawah emphasized the benefits of the multi-device feature, allowing users to send and receive messages across devices with end-to-end encryption.
The Inherent Design Flaw
Be’ery explained that this data leak is a consequence of WhatsApp’s design, where the sender’s device creates a unique session key for each device the receiver is using, thereby revealing the number of devices in use. He further noted that anyone can access this information by inspecting traffic while using WhatsApp on the web, making it a potential privacy concern.