Ex-Yahoo veterans launched WhatsApp, the cross-platform mobile messaging app for iPhone, BlackBerry, Android, Windows Phone and Nokia. It rapidly grew to prominence because it was free, and the network effect, together with word-of-mouth publicity, ensured that most people installed it on their phones. It is based on a customised version of the XMPP protocol and uses the phone number or IMEI as the user ID. It works over data networks to share multimedia content. WhatsApp used to send messages in plain text; the latest version claims that they are encrypted, without specifying the cryptographic method involved.
One of the foremost concerns of this author is the privacy of communication and the security of its transmission. It cannot be stressed enough that using an Android/iOS-based handset is akin to leaving the digital doors open. These useless platforms do nothing to inspire confidence and are merely glorified electronics for the masses to tinker with. Notably, Android has spawned a cottage industry of malware and viruses that can virtually hijack your investment in the device in no time.
Arguably, potential identity thefts are below the threshold of detection since they have not reached a critical mass.
However, that doesn’t mean it cannot happen. WhatsApp has also been in the line of fire for its failure to communicate the security methods it employs. Anyone with the right tools can hijack user sessions and spoof conversations. Imagine the victim’s number being cloned and the contacts being sent random spam messages. Its application interface is insecure, which has been proven on multiple occasions. It has also been under a cloud with the Canadian regulators because it uploads the entire contents of the contacts directory to its servers. Although the company claims that this is stored in hashed form, it does not inspire confidence in view of their perceived security practices.
The situation is dismal for other popular chat applications (like WeChat) as well because they can easily be hacked by skilled practitioners. Their insecure practices have been highlighted across several fora and the purpose of this write-up is to generate awareness of