Is WhatsApp Safe? WhatsApp Secutiry Issues 2021 - Reader's Digest

Posted: 08 Jan 2021 12:00 AM PST

This encrypted messaging app might not be all that it's cracked up to be, experts warn.

When you install WhatsApp on your smartphone, you are asked to approve the requested permissions, confirm your phone number, and import your existing contacts. Is it safe to give one app so much access to your personal information? Cybersecurity experts weigh in on the app's security and privacy features, warning that it could make your phone an easy target for hackers and offering suggestions to boost your security. Experts would never have these apps on their smartphones, either.

What is WhatsApp?

WhatsApp is a free mobile and messaging app owned by Facebook. Instead of using a cellular network, WhatsApp needs only a Wi-Fi connection to send encrypted videos, voice calls, and text messages around the world. The app launched in 2009, but it really took off when Facebook bought it in 2014. Today, WhatsApp is the world's most popular messaging app, with more than 2 billion users worldwide.

How does WhatsApp work?

After downloading WhatsApp and confirming your phone number, you can text and call anyone across the globe for free (minus any data charges). But that's not the only perk of using WhatsApp. The chat app also offers several important security features, including encryption and privacy settings, that help to protect your info from thieves. Aside from using WhatsApp, you'll want to steal these secrets from people who never get hacked, too.

WhatsApp encryption

WhatsApp uses end-to-end encryption to protect all communication on its platform. These encryption keys not only make it impossible to decrypt messages, but they also prevent third parties and even WhatsApp from accessing messages or calls. That means "only you and the person or group you are communicating with can read or see the messages, photos or files you send, or listen to the calls you make," according to James E. Lee, chief operating officer at Identity Theft Resource Center.

WhatsApp privacy

In addition to its encryption function, WhatsApp allows users to customize their privacy settings, including the visibility of their status and profile to others. But keep in mind that not everything you do on the app is private. WhatsApp "does collect and share information about how you use the service, including sharing information with their parent company, Facebook," Lee says. You can learn more about what information is collected and how it is used by reading WhatsApp's privacy policy. FYI, if these apps are still on your phone, someone could be spying on you.

Is WhatsApp safe?

Although end-to-end encryption makes WhatsApp more secure than other communication apps, no app is 100 percent safe to use. Like any app or digital device, WhatsApp is often targeted by bad actors. The app also has access to your contacts and tracks where and how long you use it, putting your privacy and personal information at risk. Here's why you should be worried about smartphone apps stealing your data.

WhatsApp security issues

In May 2019, hackers learned they could infect phones with spyware by calling victims through WhatsApp. WhatsApp quickly fixed the software bug, but criminals are always searching for new vulnerabilities in apps. What's more, WhatsApp can gather and store data on "how you interact with others using our services, and the time, frequency and duration of your activities and interactions," according to its privacy policy—and could even share that info with police. Watch out for these warning signs your phone has been hacked.

How to protect your privacy

Unfortunately, "no app is ever completely safe from attackers," says Theresa Payton, author of Manipulated: Inside the Cyberwar to Hijack Elections and Distort the Truth and CEO of Fortalice Solutions. To safeguard your phone and personal information, Lee recommends frequently updating your apps and smartphone software, maximizing the app's privacy settings, and never sharing risky content. Read more tips to protect your smartphone from viruses.

Are WhatsApp conversations private?

WhatsApp's end-to-end encryption feature ensures that all of your communication on the platform, including messages, files, and calls, is private and can only be viewed by you and the recipient. But Payton suggests thinking carefully about how much you trust the person you are communicating with in the first place. "Once you send something digitally, there is nothing preventing the receiver of the message from taking a screenshot or recording what you sent on a separate device," she says.

How long are WhatsApp conversations stored?

For the privacy and security of users, conversations on WhatsApp are only stored on your device and not on WhatsApp servers. However, messages that cannot be delivered—if, for example, the recipient is offline or not connected to Wi-Fi—are held in WhatsApp's server and only removed once they are delivered. Delivered messages are stored on your device indefinitely or until you delete them yourself, while undelivered messages are deleted after 30 days. In addition to old messages, you should never store these 8 things on your smartphone.

Can WhatsApp conversations be deleted?

The latest version of WhatsApp allows users to remove messages from their device as well as the recipient's chat (within an hour of sending the message). To delete a message in WhatsApp, tap and hold the message, tap "Delete," and then choose "Delete for Me" or "Delete for Everyone." You can also turn on a self-destruction timer feature, which makes your conversations disappear after seven days. Once messages are deleted, you cannot recover them again. But don't forget that recipients can always take a screenshot or record what you sent on another device before it's deleted, Payton says. Once your messages are secure, learn how to arm yourself against 2021's top security threats of smartphones.

Sources:

ACLU Quest for FBI Records Opens New Front in Encryption Debate - Bloomberg Law

Posted: 14 Jan 2021 12:00 AM PST

The American Civil Liberties Union's quest for records from a Federal Bureau of Investigation unit could shed light on law enforcement's ability to work around a clash with tech companies over encryption.

Records revealing to what extent the FBI can access encrypted information on its own raise questions about whether tech companies should build into their devices a so-called backdoor for law enforcement to gain access for investigative purposes, as some officials have argued.

"If they don't need a backdoor, then their argument gets undercut," said Riana Pfefferkorn, a research scholar at Stanford University's Internet Observatory who focuses on encryption.

The ACLU is suing for records from the FBI's Electronic Device Analysis Unit, which is believed to be capable of bypassing encryption to access the contents of mobile phones.

The unit is seen as a response to the resistance of companies like Apple Inc. to helping law enforcement access information on locked iPhones in recent years, including after the 2015 San Bernardino mass shooting. The issue has sparked a debate over the privacy and security tradeoffs of encryption.

The ACLU's lawsuit, filed last month in the U.S. District Court for the Northern District of California, comes after the FBI unit declined to turn over records in response to a Freedom of Information Act request. The FBI told the ACLU that it can't confirm or deny the existence of the records, according to the group's complaint.

FBI Records

The ACLU argues in its suit that there are already public records on the FBI's phone-unlocking capabilities. The records request is seeking more details on policies that govern the FBI unit and its forensic capabilities.

"The lawsuit is really about transparency," said Arianna Demas, a fellow with the ACLU's Speech, Privacy, and Technology Project, who is applying to serve as pro hac vice in the case.

The suit points to FBI contracts with mobile phone forensics firm Grayshift, which makes a tool that extracts encrypted or otherwise inaccessible data from mobile devices. Grayshift declined to comment on its customer relationships.

The FBI also posted in August a job opening for a position involving forensic extractions and data recovery from locked and damaged devices, according to the ACLU's suit. An FBI spokesperson declined to comment on the job posting or on the records request in general.

Court records in a case concerning law enforcement access to a mobile phone likewise suggest that the FBI's unit is capable of bypassing encryption, the suit says.

Forensic Tools

Law enforcement typically needs a warrant to search a mobile phone, unless the phone user gives consent.

Public records requests made at the state and local level show that more than 2,000 law enforcement agencies across the U.S. have purchased forensic tools for searching mobile devices, according to research from the nonprofit Upturn. Some of the tools can circumvent a device's security features to access data.

"A lot of this conversation gets abstracted to: 'What does this mean for encryption?'" said Logan Koepke, a senior policy analyst at Upturn. "This is not just an abstract question of whether police can get into locked phones."

Koepke added that although much of the encryption conversation at the federal level focuses on cases of child exploitation or terrorism, Upturn's research showed that forensic tools are often used to review phones in cases involving graffiti, shoplifting, or similar offenses.

The case is: American Civil Liberties Union Foundation v. Department of Justice, N.D. Cal., No. 3:20-cv-09284, 12/22/20.

Search This Blog

Android Full Encryption