No more WhatsApp for me
Today I’m saying no more to one of the most wonderful apps, “WhatsApp”, and here is why: early this morning my phone notified me about the new version of the WhatsApp application. Normally I use auto update and don’t bother myself much with this, but today I decided to go through the process. The Play market prompted me with the security confirmation for the permission manifest requested by the app. I was surprised to see that the app requires full account privileges including reading my Google account password and basically, doing anything they want with my Google account.
So I dug a little further and found many security holes within this app:
In May 2011 a security hole was reported in WhatsApp which left user accounts open to hijacking. According to some sources, the hack is believed to have been performed by Liroy van Hoewijk, CEO of CoreISP.net, and later fixed after he helped WhatsApp reproduce it on Android and Symbian.
Since May 2011 it has been reported that communications made by WhatsApp are not encrypted, and data is sent and received in plaintext, meaning messages can easily be read if packet traces are available. In May of 2012 security researchers noted that new updates of WhatsApp no longer sent messages as plaintext.
In September 2011 a new version of the WhatsApp Messenger application for iPhones was released. In this new version, the developer has closed a number of critical security holes that allowed forged messages to be sent and messages from any WhatsApp user to be read.
On January 6, 2012 an unknown hacker published a website (WhatsAppStatus.net) which made it possible to change the status of an arbitrary WhatsApp user, as long as the phone number was known. For the change to take effect, it only required a restart of the app. According to the hacker, it is only one of the many security issues in WhatsApp. On January 9, WhatsApp reported that it had implemented a final solution. In reality the only measure taken was blocking the website’s IP address. As a reaction, a Windows tool providing the same functionality was made available for download. This issue has not been resolved until now. WhatsApp received the first notification of this issue in September 2011.
I don’t get it; really, this is an app with more than 1M users just in the Android market. Damn you WhatsApp, make yourself better – you’re in the big league now. I also don’t like simple applications that read data from the internet and request my geolocation, and the like…
Well, the naive approach wasn’t for me in the first place, and I’m reverting to the “programmer approach” and checking each app under the magnifying glass every time it wants something I don’t want to give it.
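One way to do that check in code, as an added example that is not part of the original post: it reads an app's permission manifest and flags the account and location permissions discussed above, plus whether the app also has network access. It assumes the manifest has already been decoded to text XML; the sample manifest, the package name and the risk grouping are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Grouping chosen for this example (an assumption, not an official Android category list).
RISK_GROUPS = {
    "account": {"android.permission.GET_ACCOUNTS",
                "android.permission.USE_CREDENTIALS",
                "android.permission.MANAGE_ACCOUNTS",
                "android.permission.AUTHENTICATE_ACCOUNTS"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "network": {"android.permission.INTERNET"},
}

# Constructed sample: a hypothetical app, not any real app's manifest.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.USE_CREDENTIALS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names


def audit(manifest_xml):
    """Map each risk group to the requested permissions that fall in it."""
    perms = requested_permissions(manifest_xml)
    findings = {group: sorted(perms & members)
                for group, members in RISK_GROUPS.items() if perms & members}
    # Sensitive data combined with network access can leave the device.
    findings["can_exfiltrate"] = sorted(
        g for g in ("account", "location")
        if g in findings and "network" in findings)
    return findings


if __name__ == "__main__":
    for group, hits in audit(SAMPLE_MANIFEST).items():
        print(group, hits)
```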