When Facebook purchased WhatsApp, users of the popular messenger app got a bit nervous. But Facebook promised that WhatsApp would not change - and for the most part, it hasn’t. In fact, WhatsApp just introduced end-to-end encryption, which is supposed to make the app incredibly (almost infallibly) secure. This should make everyone happy - right?
A recently discovered WhatsApp security flaw has many questioning whether or not the app is truly as secure as the company has claimed. The flaw was discovered by The Guardian publication and news of the issue spread across the tech world like wildfire.
The Security Problem
Because I am not a tech guy, I will try to explain this as simply as possible. WhatsApp forces devices to generate new encryption keys when not in use. In other words, when you are offline, you will not miss a WhatsApp message that might be sent.
Because a new encryption key is generated every time a user is offline, it is (technically) possible to intercept messages (or possible for WhatsApp/Facebook to read messages - and possibly share those messages with anyone that asks or has permission to do so). If true, this is a bit scary.
While it appears this flaw exists, WhatsApp defends the issue stating that the flaw is necessary when creating a free messenger app that is available to millions of people. Further, the company claims that if a new encryption key were not created every time a device is powered off or a SIM card is removed, users would miss messages.
WhatsApp has developed its messenger service so that nobody ever misses a message - a service that most people like.
A Personal Decision
In our humble opinion, a free app is never really free. Even though WhatsApp has aimed to have the securest messenger system since BlackBerry’s original BBM service, it’s still a free app, and that means strings are always attached. This means that a company or someone owns the app - and that you don’t really have many rights when it comes to how that app or the information that flows through it is used.
While some of those rights are highlighted in the user agreements, most people just click through the user agreement stating they have read the agreement without actually giving the agreement a second thought. Often you, as a user, are waiving any and all rights over the information you send and receive.
In this case, WhatsApp may be telling the truth when stating that the detected flaw is a necessary one. However, we do caution against trusting any messenger app or other free app with your most secure information - no matter how secure it may seem at the time.