Your private WhatsApp group chats are on Google search and Facebook knows about it

0
226

FEBRUARY 23, 2020

Men pose with smartphones in front of displayed Whatsapp logo in this illustration. (REUTERS)

WhatsApp is one of those instant messenger apps that has garnered millions of users in just a few years and has managed to maintain its lead in the ‘Most downloaded apps’ section across platforms. Although it is a part of Facebook, over the years it has successfully won the trust of users by keeping its chats ‘encrypted’. A small message in a new chat window even shows that the message is encrypted. But how secure are they really? The questions raises because a few hours ago a report from Vice revealed that it is possible to gain access to private chat groups (content, members and their contacts) on WhatsApp by a simple Google Search. Yep, that’s right.

And Facebook knew about it since months.

If you aren’t aware, private chat groups on WhatsApp are usually accessible through an invite code (the URL) that is sent by the group creators or admins. But as per the report, Google seems to be indexing those URLs (at least some of them) and showing then in search results. This gives anyone the access to those URLs and join the private group.

Reverse app engineer Jane Manchun Wong also tweeted that some 470,000 group invite links have been indexed by Google.

Usually one would read this and blame Google for it. But it looks like Facebook-owned WhatsApp is the culprit here. It is worth adding that Google crawls for URLs across the entire web and since a WhatsApp user can share the private group chat link on social media or any other website, it is bound to be there on Google. WhatsApp’s inability to let anyone access that URL and enter a group is something worth questioning.

This piece of information comes from Google Search laison’s Danny Sullivan who tweeted:

Anyone can see the WhatsApp Group chats indexed on Google. All they need to do is to start the search query with “chat.whatsapp.com” followed by a piece of information specific to the chats. Vice was able to find several groups related to sharing porn content as well. And these chat groups not just show the content that is being shared but also the named and contacts of the members that are a part of the group. 

What’s worse is that WhatsApp’s parent company Facebook was aware about this security issue ever since November 2019. This comes from a Twitter user named @hackrzvijay, who alerted Facebook about it in order to get some bounty but got a reply from the social media giant stating that it was an “intentional product decision”.

Here’s the full reply:

In a statement to Vice, WhatsApp’s spokesperson confirms that such group chat links can be indexed by search engines and that one should not share such links on public forum. “Group admins in WhatsApp groups are able to invite any WhatsApp user to join that group by sharing a link that they have generated. Like all content that is shared in searchable, public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website.”


Courtesy/Source: Hindustan Times