WhatsApp Warns of Malicious Apps After Reports of Possible Chat Theft Vulnerability

(Photo: WhatsApp)WhatsApp

WhatsApp urged users to ensure they have the latest security fixes installed on their devices and download applications from reputable companies after a report indicated that a malicious application would be able to gain access to users' chats stored on their devices.

WhatsApp issued a statement on Thursday to Techcrunch saying it was aware of recent reports of a "security flaw," adding that it had recently upgraded the application found on Google Play. The company, which was recently acquired by Facebook, said the reports "have not painted an accurate picture and are overstated."

Netherlands-based consultant Bas Boschert said in a blog post on Tuesday that he was able to create an Android application that enables access to WhatsApp chats stored on a user's device and confirmed in a post on Thursday that while the ability to do so using his original method no longer exists, others have figured out a way to still access the chats.

Techcrunch noted on Wednesday in its initial report that by comparison, Apple "doesn't allow access to data outside an app's own sandbox," which stops malicious developers from creating a "dummy app" to access user data.

On Thursday WhatsApp said the current version up WhatsApp in Google Play "was updated to further protect our users against malicious apps."

"Under normal circumstances the data on a microSD card is not exposed. However, if a device owner downloads malware or a virus, their phone will be at risk," WhatsApp said in a statement.

WhatsApp for Android saves conversations on the SD card of a mobile phone. The card on the phone can be accessed by other apps when they have permission to do so, something which Boschert said had been known already for quite some time.

"I am not claiming that I found something new. I thought this was already known and am surprised about all the news footage. But apparently this is news for a lot of people.," Bosschert said on his blog in response to an anonymous poster who said the issue had been known for some time.

"It is nice to see though that it opens discussion about the Android security model or the way WhatsApp saves their databases and also creates some awareness by users," Bosschert said.

Copyright © 2013 Ecumenical News