WhatsApp privacy settings ‘illusions’, says spyware architect
Developer claims IM app ‘broken by design’, says tracking possible even if privacy set to ‘nobody’
An app developer has claimed instant messaging tool WhatApp's privacy structure is "broken by design", saying he can track a number of data points through a Web-based utility named WhatsSpy Public.
Dutch developer Maikel Zweerink claims on his website that even with WhatsApp privacy options set to "nobody", his proof-of-concept tool can monitor online status as well as changes to profile pictures, privacy settings and status messages.
"So there is this menu called ‘privacy' in Whatsapp," he wrote on his site. "Here you can edit your ‘last seen', ‘profile picture' and ‘status' privacy options. You may think now that you've set all options to ‘nobody' you are privacy-wise safe. But... I can still track your moves on Whatsapp."
Zweerink says his monitoring app works because, while WhatsApp allows users to adjust their own privacy settings, no amount of disabling or settings adjustment will prevent their friends from seeing them as "online". Because of this, Zweerink does not consider the flaw an exploit, but believes it is "broken by design".
"Due to this feature WhatsSpy Public can track virtually anyone, because anyone can listen for these events," he wrote.
Zweerink has set WhatsSpy Public up as an open-source project and provides the code for free. He has also built a GUI around WhatsSpy Public to allow the monitoring of a user's timeline and other comparative data visualisations.
It is worth noting that once the tracking app is running on a handset, it will be unable to receive WhatsApp messages.