A software engineer has discovered a new exploit in WhatsApp that could potentially reveal when one’s contacts are either communicating or sleeping.
WhatsApp is on the verge of receiving its largest expansion yet thanks to the arrival of WhatsApp Business, and now a software engineer has discovered an exploit that could affect the privacy of millions of users. Robert Heaton reports that a vulnerability in WhatsApp may allow voyeurs to establish when two users may be in conversation with one another on the platform, and when they may be asleep. Read: Facebook will now display ads from physical stores you’ve visited
Heaton revealed that – through developing small Chrome extension – he was able to monitor when his WhatsApp contacts are online thanks to the fact that WhatsApp’s last seen settings allow all users to see such information by default.
By developing the extension, Heaton was able to monitor the times when users were most likely to use the app, and identify longer periods where no user activity was recorded – indicating that the user in question may be asleep.
By comparing the activity of two users against one another, Heaton was able to establish which of his contacts may be in communication with another.
Though the exploit may seem a small – and complex – violation of one’s privacy at present, the fact that WhatsApp will soon open up to businesses and corporate entities will open the floodgates of opt-in advertising – where an analysis of users’ profiles and activity could well be a treasure trove of information for an unscrupulous marketer.
At present, WhatsApp users do have the option of disabling their “last seen” indicator entirely.
It also remains a strong likelihood that Facebook may grant such analytics to corporate entities which purchase the firm’s advanced set of tools for large-scale businesses when the platform’s Business update formally kicks off. Read: Facebook reportedly offers the music industry millions to retain rights to music in videos
What are your thoughts? Would you want your contacts – or a branded entity – to have analytics of your use of profile and when you are most likely to be asleep? Let us know your opinion in the comments below!
Follow Bryan Smith on Twitter: @bryansmithSA