Share

Watch out for WhatsApp ‘snooping’ on web browsers

Johannesburg - Linking instant messaging app WhatsApp to the service’s new web browser functionality is helping users stay more connected, whether they’re on their phones or computers.

But forgetting to log out of the web browser version for WhatsApp could open users up to being snooped on if somebody else accesses their computers, according to a South African IT consultant and technology blogger Liron Segev.

Earlier this month, WhatsApp - which claims to have over 500 million users across the globe - switched on a service that enables sending messages from the Google Chrome web browser.

To access the service, WhatsApp users simply visit https://web.whatsapp.com/ in their Google Chrome web browser where they will be prompted to open the app on their phone and scan a QR code. All WhatsApp messages and their histories are then ‘mirrored’ in the web browser. (At this stage, the offering is only available on Google Chrome.)

But staying logged in to WhatsApp on the browser could put you at risk of having your privacy compromised if your computer is accessed by a stranger.

“Once a computer and a phone have been linked up, anyone with access to the desktop could simply fire up the website web.whatsapp.com and without being prompted for any authentication details, all the information from the phone’s WhatsApp is displayed on the screen,” Segev wrote in his blog post.

“There is absolutely no obvious indication on the phone that the desktop is currently being used and so the WhatsApp user has no idea that someone is spying on the conversations.

“As the phone doesn’t even need to be in the same Wi-Fi zone and just needs an internet connection, the victim can be anywhere in the world for the desktop ... snoop to work,” he wrote.

Segev goes on to write that this issue is "hardly a ‘hack’ or a ‘security breach’" but is just "common sense".

Fin24 has accessed the WhatsApp web browser functionality and trialled it to determine the extent of this problem highlighted by Segev. The Fin24 technology team, in turn, found that WhatsApp on the web browser does indeed stay logged in, even after exiting the browser. Users of WhatsApp are also not overtly notified on their smartphones when the linked application on the web browser is open and being used.

Fin24 found that WhatsApp technically does notify users on their phones of their last activity on the web browser version. But this functionality is hidden as users have to press on the 'WhatsApp Web' settings in the mobile app to find this information. This is a menu option that users have to actively find rather than being passively told via the likes of, for example, a push notification.

“I am surprised that WhatsApp didn’t think this could be an issue. Should WhatsApp implement a simple notification on the phone whenever the desktop is connected, that is enough to alert someone that they are being watched,” said Segev.

Segev further wrote that he contacted WhatsApp support to notify the company of the problem. The WhatsApp support team acknowledged the potential snooping issue but didn’t commit to a date to possibly solve the problem.

Protect your messages

In the meantime, there are ways to protect your messages if you are intent on using the web browser version of WhatsApp.

The first method is to ensure you log out of WhatsApp on the web browser when you are done using it.

This can be done by clicking on the menu option in the WhatsApp web version and logging out.


You can physically log out of the web version of WhatsApp. (Gareth van Zyl)

However, Liron Segev has wrote that users can also log out by opening WhatsApp on their smartphones, tapping on settings (the three dots), selecting 'WhatsApp Web' and then selecting  ‘log out from all computers’.

We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
18.88
+0.3%
Rand - Pound
23.86
+0.2%
Rand - Euro
20.39
+0.2%
Rand - Aus dollar
12.33
+0.1%
Rand - Yen
0.12
+0.2%
Platinum
908.05
0.0%
Palladium
1,014.94
0.0%
Gold
2,232.75
-0.0%
Silver
24.95
-0.1%
Brent Crude
87.00
+1.8%
Top 40
68,346
0.0%
All Share
74,536
0.0%
Resource 10
57,251
0.0%
Industrial 25
103,936
0.0%
Financial 15
16,502
0.0%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders