SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

What’s up with WhatsApp?

Posted on January 21, 2021

WhatsApp has been in the news a lot over the past week, with critics alleging that the popular Facebook-owned messaging app has become a threat to user privacy. WhatsApp officials, however, say that they’re firmly committed to privacy, and say that there’s a great deal of misinformation being spread online.

In this article, we’ll tell you what’s going on with the app, and what it means for your privacy.

Changes to the Privacy Policy

The controversy began back on January 4, when WhatsApp announced changes to its app privacy policy.

This announcement came as an in-app alert informing users of the upcoming changes, and telling them that they’d have to agree to the new terms and conditions if they wanted to go on using the app after February 8. The new privacy policy included several mentions of how data would be shared with Facebook going forward.

This alarmed many users — which is understandable, considering Facebook’s track record on privacy and the company’s vehement opposition to the new anti-tracking features in iOS 14

However, WhatsApp says that the app’s core privacy protections are still as strong as ever, and that much of the social media furor over the changes either misrepresented or misunderstood what was really going on. 

E2EE still intact

For many of WhatsApp’s 2 billion users, the app’s most important feature is that it offers end-to-end encryption (E2EE) for secure and private messaging (read the linked article for a technical explanation of how E2EE messaging apps work). WhatsApp’s representatives stress that E2EE will not be affected by the new privacy policy at all.

They’ve also released an FAQ with some additional details about what is and isn’t going to be shared with Facebook: They say that private chats and calls, as well as shared locations, will never be seen by Facebook (or WhatsApp, for that matter). They also note that they don’t log users’ call histories and that they never share contacts lists with Facebook.

Data sharing with Facebook

Despite WhatsApp’s reassurances, many users are clearly concerned about the changes. Over the past week, WhatsApp rivals Signal and Telegram (both known for their strong stance on privacy) have seen a huge surge in new users. 

WhatsApp’s public response so far has focused on telling users that no one will be reading their private messages; they’ve also emphasized the ways in which WhatsApp works differently when users are messaging businesses, as opposed to their personal contacts.

However, as some observers have noted, WhatsApp’s new online FAQ doesn’t mention what the full updated privacy policy spells out in detail: namely, that “as part of the Facebook family of companies, WhatsApp receives information from, and shares information with, this family of companies”. According to the privacy policy, this information is used to “improve” the user’s experience by “making product suggestions” or “showing relevant offers and ads”.

To many people, this will no doubt sound a lot like the sort of targeted advertising and user profiling that Facebook is notorious for. And a quick glance at WhatsApp’s App Privacy report in the App Store reveals quite a few entries under the “Data Linked to You” heading, which may explain why so many WhatsApp users have decided to call it quits.

Alternatives to WhatsApp

When it comes to WhatsApp, here’s the bottom line: Although your encrypted communications are not likely to be at risk if you use the app, there are better options if you’re concerned about your privacy. Here are two good ones:

iMessage

If you and your contacts are within the Apple ecosystem, iMessage is a great choice for encrypted communications. It’s E2EE by default, and it has the added bonus of running exclusively on platforms known for their security. However, there are some limitations. If you’re chatting with someone who isn’t using iMessage, then your chats won’t be E2EE. In addition, there is some concern over the issue of iCloud backups and iMessage, since iCloud backups are not fully protected by end-to-end encryption (though if you’re concerned about this, you can simply back up your device to a Mac that has FileVault enabled).  

Signal

If you’re looking for a cross-platform E2EE messaging app, Signal is probably your best bet. It’s widely recommended by security experts, as well as by privacy and free speech organizations such as Electronic Frontier Foundation and Freedom of the Press Foundation. Furthermore, in contrast to apps like WhatsApp or Facebook, Signal is run as a non-profit, and is supported entirely by donations. And while trusting any software developer with your privacy is a deeply personal decision, there are good reasons to have confidence in Signal. As NSA whistleblower Edward Snowden recently quipped Twitter, “I use it every day and I’m not dead yet” — a powerful (if somewhat dark) testimonial!

Join our mailing list for the latest security news and deals