Whatsapp is currently the biggest and most popular messaging app in the whole world with an estimated 500 million active users. Recently acquired by Facebook on the biggest sale yet this year at a blowing 19 Billion dollar deal.
Ideally by its nature of private chatting many people trust the app’s usability to be safe and tamper free hence trusting it more than online apps which can easily be hacked however security experts have poked a loophole in the whole set that should get you worried as a user,according to Mashable,it’s possible for others to access your private WhatsApp chats through downloaded Android apps.
When you use the app’s built-in back-up mechanism — let’s say to prevent losing messages after uninstalling/reinstalling the app or moving them to a new device — WhatsApp is allegedly using the same encryption code to protect you and everyone else (instead of creating a unique key for each user).
This means the back up is going to a database with insecure storage and the chats could potentially be read and stolen by another app. In theory, the developer behind another app could decrypt and ultimately gain access to those messages.
Bosschert(the expert who exposed the loophole) notes on his website that the WhatsApp database is saved on your phone’s SD card, which can be read by any Android app if a user gives it access to do so. This is a common practice in the app space (apps that want to store non-secure data would be interested), so if an app asks for SD card access,be extremely cautious!!