Hackers reveal tool to bypass privacy settings on Whatsapp

A simple piece of software is being used by hackers to bypass privacy settings on Whatsapp.

The software exploits a ‘design flaw’ in the messaging service’s optional status feature which lets other users know whether someone is online or offline.

It enables a user’s status to be tracked, and also monitors changes to profile pictures, privacy settings or status messages for any user, even if they have the strictest privacy option.

Once downloaded, the software reveals a timeline of the online status of a tracked user and can compare this to another tracked user.

 ‘The privacy options in Whatsapp act like they give you full control over your status in Whatsapp meanwhile they only affect a very limited scope,’ Mr Zweerink writes on his blog.

‘Sure, the last seen, profile picture and status options do work, but probably not as the user intended it to.

 When a Whatsapp user disables settings such as 'last seen', other users still get notified that their online if they are in a WhatsApp conversation with them 

‘The ability for a complete stranger to follow your in-app status is pretty creepy and might be abused already. This is not a "hack" or "exploit" but it's broken by design.’

WhatsSpy Public only works on specific devices, such as a jail broken iPhone or a rooted Android, and requires some technical knowledge.

WhatsApp, owned by Facebook, is one of the most popular mobile messaging app, with 700 million monthly active users sending more than 30 billion messages per day.

This isn’t the first time Whatsapp has come under fire for its privacy policies.

In 2019, the Canadian Privacy Commission found that the app was collecting too many phone numbers of non-users using users’ address books as well as improperly encrypting messages.

The University of Utrecht has also recently found a flaw that would have allowed anyone to decrypt its messages.