Unlike the Last Seen feature and Read Messages status features which could be disabled by users, the Online feature is by default active in the app and users do not have the liberty to change or hide their online status.
In what appears to be a technical vulnerability, WhatsApp users can be stalked by third parties through the online status feature of the instant messaging application, security researchers have said. According to several news reports, a number of Android as well as iPhone applications along with Web services are able to exploit the online status feature and track individuals without asking for their consent. The technical vulnerability in the application has been found by Cybersecurity firm Traced which has found a list of applications and services that could be used by stalkers to track WhatsApp users when they get online on the application.
The instant messaging platform has provided the online status feature to let people know when their friends are online. Also, unlike the Last Seen feature and Read Messages status features which could be disabled by users, the Online feature is by default active in the app and users do not have the liberty to change or hide their online status.
Cybersecurity firm Traced has found that several of these stalkers also market themselves online as service providers on the internet by helping people know then their contacts get online throughout the day. Some stalkers also provide the option of tracking two mobile numbers at a time to track if both the numbers get online at the same time. Using the online data, such stalkers help in presuming whether the two individuals were chatting frequently. The feature also has the potential to aid stalkers to monitor WhatsApp users constantly.
However, it must be clarified that the vulnerability does not allow the stalkers to encrypt the messages or gain undue access to the personal chats of the users. However, the way Online feature has been designed by WhatsApp, it does leave scope for the stalkers to track users online time, frequency among others. WhatsApp has so far not responded to the claims made by CyberSecurity Firm Traced.