Popular messaging app WhatsApp allows individuals to communicate with people all over the world with the help of WiFi or over a private network. Over 1.5 billion users of the app praise the ability to communicate for free with friends, family, clients, coworkers, employers, and acquaintances internationally.
Another reason many took to the app was because of the so called 'end-to-end encryption' that would be able to keep messages, photos, and private information secure. What we're seeing now is that these security measures may not be as bulletproof as WhatsApp claimed.
At the start of 2021, WhatsApp announced that they'd be sharing user information with Facebook for marketing purposes. This new policy stated that users of the communication app would have to agree to the new terms or face having their account shut down. Some of the data WhatsApp would share includes names, contacts, phone numbers, messages, mobile device information, and IP addresses.
Additionally, WhatsApp was not only going to share this sensitive data with Facebook, but also the many other companies that facebook owns or is partnered with.
Initially this sharing of information was going to start February 8th, but with public outrage over the new potential security risks and tons of users leaving the platform, they were forced to postpone the start date.
Many users have since moved over to Signal, a new communication app that uses strong end-to-end encryption and has better security and privacy policies in place for it's users.
Alongside these data sharing risks, there's also the threat of fake apps mimicking WhatsApp attempting to steal information and credentials. It's common for large platforms and organizations to be used by cybercriminals as a front for phishing scams as many people will fall for them.
A recent story came out where a fake malicious app mimicking WhatsApp was found circulating the official Apple app store.
In this case, an Italian spyware vendor attempted to use this fake malicious app to target specific individuals and to collect information about them. The malicious app has since been taken down from the app store, but that was certainly not the only fake app impersonating WhatsApp out there.
Always ensure you double-check apps, websites, links, documents, etc. before downloading. For apps, always download from official app stores to prevent potentially downloading a fake malicious app, but as we saw in the example above, even fake malicious apps can be on official app stores, so it's crucial to double check before hitting that download button.
Our services here at Cyber Unit monitor for suspicious activity such as fake apps and we notify you right away if we spot anything potentially malicious. This is just one of the many security services we provide.
Find out more HERE!