Are you a user of WhatsApp on Android? I can see many hands raising and this means that a majority of us are using WhatsApp. The App is used for messaging and more to say, instant messaging. But do you know? You may not be as secure as you think you are. Not in the cloud, not at home, not anywhere. Gosh! I wonder where this world is going. This article is about the WhatsApp version of Android which has some security holes. This is not the case with the iOS and Windows Phone version of the app as they are both very much closed systems and apps don’t interact with each other, unless like Android in which apps can interact with each other freely.
A Dutch security analyst Bas Bosschert played with WhatsApp to find that the Android version is not that safe. There are two loop holes- the chat saved in SD card or through a rogue app which asks for permission to your other apps. He has given a series of comments for the same.
“The WhatsApp database is saved on the SD card which can be read by any Android application if the user allows it to access the SD card. And since majority of the people allow everything on their Android device, this is not much of a problem. What do we need to steal someone’s WhatsApp database? First we need a place to store the database,” Bosschert explained. “Next thing we need is an Android application which uploads the WhatsApp database to the website.”
An Android application asks for permission before installing into the system. But honestly, how many of us even care to see all this? When the screen loads, we press the Accept button and the app starts installing. We don’t bother to see what are all the things the app uses and what all is visible to the application.
This is also the case with the terms and conditions of software in the desktop operating system or a browser extension. As they are very much bigger, and will take hours to read, we just scroll down to the bottom and click on the I agree. Very bad of us! It is us, who have to safeguard our own privacy. Modifying the old proverb a little, “Safety begins at home”. Here is the hack, as explained by Bas.
“The WhatsApp database is a SQLite3 database which can be converted to Excel for easier access. Lately WhatsApp is using encryption to encrypt the database, so it can no longer be opened by SQLite. But we can simply decrypt this database using a simple python script. This script converts the crypted database to a plain SQLite3 database. Thus, we can conclude that every application can read the WhatsApp database and it is also possible to read the chats from the encrypted databases.”
But, Google on the other hand says that none of the software can get past its bouncer security system for verifying apps, though that may be true in the case of extremely dangerous software, that may not be the case with spam and spyware.
Here are things to do:
- Never accept any application from an outside source.
- Never click on “Unknown Sources” under the settings menu
- Make sure you read the permissions required by the app thoroughly.
- Be sure of what you are doing.
- A better idea- Stop coming to the internet entirely! Sarcastically!
