Stalker alert! WhatsApp security flaw leaves you open to tracking by anyone

You might say that WhatsApp is hardly ever serious about user privacy considering its blue ticks and Last seen features; but a new security issue which lets anyone track you, thankfully does not come from the Facebook-owned company itself. Still, it’s not saying much in terms of the latest problem facing users.

A student from a Dutch university has created a program capable of exposing crucial weaknesses allegedly plaguing WhatsApp. Using the web-based software, anyone can tinker with your privacy settings and keep tabs on your movements on the messenger app. And it apparently does not take much effort to do so.

1212015-303

If you have a stalker capable of following Maikel Zweerink’s instructions to build WhatsSpy Public and then setting it on you, your privacy choices, updates, offline/online status and profile photos could be open to tracking. Zweerink really wants you to know how ‘broken’ WhatsApp’s privacy options really are.

Also see: WhatsApp is beta testing free voice calling, will work on 3G and EDGE networks

He insists that you cannot call WhatsSpy Public a hack or an exploit since WhatsApp is ‘broken by design’. Say, you’ve chosen to keep your Last Seen, profile picture and status to yourself. If someone is viewing your conversation with them, your will still appear ‘online’ to them when you’re signed in anyway.

1212015-304

Just in case you doubt the veracity of Zweerink’s claim, you can mail him the phone number through which you use WhatsApp, after setting your privacy options to maximum strength. He promises to provide you with proof that the concept works via an ‘I can see whenever you’re online’ exercise.

You might also like: WhatSim provides backup solution for WhatsApp on a budget while traveling abroad

The lesson to take away from this is that even an uncomplicated and seemingly secure messaging tool like WhatsApp is accessible to prying eyes. People need to be careful not just when they’re on the Internet, but even when they’re using web-based services such as these.