WhatsApp is one of the most popular messaging apps in the world with around 2 billion (yes, billion) users worldwide. The app is encrypted by default with end-to-end encryption for both messages and calls, which is good for your privacy. It’s also owned by Facebook which means Facebook can access some data WhatsApp collects on you for specified purposes, which may be bad for your privacy. When it comes to video, WhatsApp allows for one-on-one calls and group calling with up to eight people. Just beware, WhatsApp has had a pretty well known misinformation problem and well, misinformation stinks.
What could happen if something goes wrong?
Facebook-owned WhatsApp caused quite the kerfuffle early in 2021 when it complained about Apple’s app store privacy labels that show all the data an app links to you. It didn’t look good for WhatsApp, especially when Apple published the same info for their iMessage app. Then WhatsApp updated their privacy policy in a way that scared the pants off people, justified or not, which caused a huge jumping ship of WhatsApp users to apps like Telegram and Signal. And then Ireland hit WhatsApp with a record $266 million fine for an alleged lack of transparency over how it shares data with Facebook. So, what’s the deal? Is WhatsApp bad for privacy? From a technical perspective, no, not really. WhatsApp uses super strong end-to-end encryption for all texts, chats, and video calls, This is great! WhatsApp can’t read your messages or see your calls. The flip side of this is Facebook--a company infamous for its vast and questionably ethical collection of so much data--owns WhatsApp. This means that lots of metadata, things like purchase history, location, device ID, and more--can be captured and shared with businesses advertising on WhatsApp. People looking for a true privacy-centered messaging app can find better options, like Signal and Threema. Messaging aside, it's worth considering WhatsApp's role in spreading misinformation. In 2020, WhatsApp became such a major source of misinformation about the coronavirus that world leaders called out the app by name. WhatsApp did take steps to try and stop the flood of misinformation when it began limiting the number of times people could pass on frequently forwarded content to five chats at once. Misinformation is a problem these days, one everyone should be aware of and do their best to not make worse.
Security
A.I.
Can it snoop on me?
Camera
Device: N/A
App: Yes
Microphone
Device: N/A
App: Yes
Tracks location
Device: N/A
App: Yes
What can be used to sign up?
No
Phone
Yes
Third-party account
No
What data does the company collect?
Personal
Profile name of a user's choice, phone number.
Body related
Social
Metadata, including contacts, information about your activity, including how you use our Services, your Services settings, how you interact with others using our Services (including when you interact with a business), and the time, frequency, and duration of your activities and interactions.
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In May 2019, WhatsApp announced a security breach associated with a surveillance authority. It did not disclose how many users were affected. In 2017, co-founders of WhatsApp have left the company, one of them, Brian Acton, saying "I sold my users' privacy to a larger benefit, I made a choice and a compromise. And I live with that every day."
Can this product be used offline?
User-friendly privacy information?
In May 2021, WhatsApp found itself at the center of controversy regarding its privacy policy. The main change was regarding sharing data, including communication content with businesses, with the larger Facebook Group. Many privacy-conscious users thought that ALL their communication data will be shared with Facebook (which is not the case). But it is hard to blame them, since WhatsApp's policy is not an example of a crystal clear one, nor was the process of its implementation soft. WhatsApp has been bombarding users for months with persistent pop-up messages to force them to accept its new terms of use and privacy policy. We too, as millions of WhatsApp users, found it hard to get what exactly is this update changing, looking at the privacy policy and terms of use only. Thus, we consider these documents to be confusing on purpose. Only the purpose is still unclear.
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
All messages and calls are end-to-end encrypted by default. Note that metadata is not encrypted and shared within Facebook Group.
Strong password
There is no password requirement to enter a call. WhatsApp allows users to set up a fingerprint lock or faceID as an extra layer of security, although this is not on by default, and for iPhones only.
Security updates
Manages vulnerabilities
Facebook has a bug bounty program for security vulnerabilities
Privacy policy
Does the product use AI?
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
Is the company transparent about how the AI works?
Does the user have control over the AI features?
Dive Deeper
-
WhatsApp tightens message forwarding restrictions to combat coronavirus misinformationCNBC
-
Five Things You Should Know About the WhatsApp HackSecurity Boulevard
-
WhatsApp Video Calls Will Soon Support 50: This Is Why 8’s The Limit For Your SecurityForbes
-
Signal Vs Telegram—3 Things You Need To Know Before You Quit WhatsAppForbes
-
WhatsApp launches disappearing photos and video for all your sensitive (and sexy) messagesMashable
-
WhatsApp faces $267M fine for breaching Europe’s GDPRTechCrunch
-
Disinformation Spreads on WhatsApp Ahead of Brazilian ElectionNY Times
-
WhatsApp clarifies it cannot see your private messagesMashable
-
WhatsApp is having another go at explaining its privacy policy to usersThe Verge
Comments
Got a comment? Let us hear it.