How Secure Is WhatsApp? App Faces Scrutiny for Its Security Measures

The instant messaging app known as WhatsApp provides a free communication service for its many users. With millions of people now using the service, questions of security are being raised. How secure is WhatsApp from tapping or tracking?

WhatsApp Messenger was created in January 2009 by Brian Acton and Jan Koum. As of 2021, WhatsApp has 2 billion monthly users with 74.9 million of the users being in the U.S. Coincidentally, the U.S. users have the most WhatsApp downloads from the App Store.

Reliant on Wi-Fi, WhatsApp allows users to send messages, audio, video, and pictures. Other features allow users to share their status and leave voicemails. Because the app is free, its services have attracted millions of people even if they don’t have their own cell service.

According to WhatsApp, the service is encrypted end-to-end, which protects the information users share with each other. End-to-end encryption means that only the people communicating can access the information. This prevents third-party individuals from accessing cryptographic keys that are needed to open the conversation.

WhatsApp also provides the same protection for businesses that use the app. The company said, “Once the message is received, it will be subject to the businesses own privacy practices. Some businesses will choose WhatsApp’s parent company, Meta, to securely store messages and respond to customers.”

However, payments on WhatsApp aren't encrypted with the end-to-end feature. According to WhatsApp, “Card and bank numbers are stored encrypted and in a highly-secured network. However, because financial institutions can’t process transactions without receiving information related to these payments, these payments aren’t end-to-end encrypted.”

The messaging app has faced some scrutiny for security and privacy issues. In 2019, it was reported that there was a weakness in the messaging service that made it vulnerable to hacking. Hackers were able to install spyware on iPhones and Androids. This was done by calling targets through the app. The company that developed the code for the spyware was NSO Group, which is based in Israel. The code for the spyware could apparently be transmitted even if the target didn't answer the phone.

“NSO’s flagship product is Pegasus, a program that can turn on a phone’s microphone and camera, trawl through emails and messages and collect location data,” according to The Financial Times. Although NSO developed the code, they said, “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.”

WhatsApp also faced scrutiny in 2021 when it was accused of using end-to-end encryption as a fix-all for any privacy or security issues. However, the company is still going strong and boasting about the lengths it has gone to protect users' information. Whether or not the messenger app is still vulnerable to an attack remains to be seen.