WhatsApp has denied reports of a major security flaw that could allow your messages to be intercepted without you knowing.
Research carried out by the University of California and reported by The Guardian, claimed that WhatsApp’s parent company Facebook could read user messages via a “back door” in the system.
But the messaging app has called the suggestion “false” and officially denied the claims.
“WhatsApp does not give governments a ‘backdoor’ into its systems and would fight any government request to create a backdoor,” a spokesperson for the company said on Friday.
“The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks.
“WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report.”
WhatsApp of course is known for using end-to-end encryption, which should mean no one is able to access messages.
However, security researchers told The Guardian that WhatsApp and Facebook can intercept and read messages and could even pass them onto governments and security agencies in certain situations.
“If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys,” security researcher Tobias Boelter told The Guardian.
Furthermore, Boelter said he first reported his findings to Facebook back in April 2016 but was reportedly told this was “expected behaviour”.
Security experts have said the findings “alarming”, while others have played down the risk to users.
Cryptographer and online security expert Frederic Jacobs took to Twitter to describe the findings as “nothing new” and said “it’s ridiculous that this is presented as a backdoor. If you don’t verify keys, authenticity of keys is not guaranteed. Well known fact.”
It’s ridiculous that this is presented as a backdoor. If you don’t verify keys, authenticity of keys is not guaranteed. Well known fact.
— Frederic Jacobs (@FredericJacobs) January 13, 2017
How can you protect yourself?
If you are concerned about privacy and WhatsApp security perhaps the best option is to stop using the Facebook owned app altogether in favour of more secure messaging apps such as Telegram or Signal.
If that isn’t an option, you can update your WhatsApp account settings to receive an alert whenever a change has been made to the encryption of your messages or when your messages has been redirected to a device with a different encryption key, which could indicate third party snooping.
To do this, open the WhatsApp app and go to: Settings > Account > Security > Turn on Show security notifications.
It is also recommended to make sure you are always using the most up to date version of the app.