WhatsApp for Android Security Defect Leaves Chats Open for Anyone to Read

A security defect in the Android version of communication program WhatsApp leaves conversations vulnerable to a third-party server, a new discovery has revealed.

According to a report by the Guardian, the glitch allows a different application to access the WhatsApp user's whole database of chats without their permission. This issue comes from both Android's way of dealing with external storage, in addition to WhatsApp's relatively lax security measures.

Dutch security consultant Bas Bosschert told the Guardian that any application for Android that can enter the device's SD card has the ability to scan and upload whatever is in the communication apps' database.

"The WhatsApp database is saved on the SD card which can be read by any Android application if the user allows it to access the SD card," Bosschert told the Guardian this week. "And, as the majority of people allow everything on their Android device, this is not much of a problem."

Some say the issue stems from WhatsApp's relatively open security database, while others lay the blame on Android.

Android allows complete access to the SD card - a far cry from Apple's more controlled approach to security on its iOS gadgets, which keeps each app "sandboxed" to stop unwanted eyes from looking at the information.

Android reportedly keeps its information open to allow programmers easy entry to build programs, which would be impossible to do with an Apple product. But Android's approach also leaves it vulnerable to issues like WhatsApp's.

According to the Guardian, any application that can upload and read information from the SD card can also look at other applications' storehouses of data.

Bosschert said there are even third-party apps that use tools to open WhatsApp information such as WhatsApp Xtract.

"Every application can read the WhatsApp database and it is also possible to read the chats from the encrypted databases," Bosschert said.

Bosschert suggests WhatsApp for Android users exercise caution with which applications they grant access to the SD card.

Real Time Analytics