Throughout the past year, many mobile messaging apps have come under fire for inherent security vulnerabilities. This month, WhatsApp (one of the largest globally used messaging apps) has gone to great lengths to ensure users’ personal data is protected. Their recent deployment of end-to-end encryption, one of the largest to date, poses the question: is the security of mobile messaging apps about to change?
Last year, we reported on a security flaw that had been plaguing WhatsApp users. At the time, researchers had discovered a weakness in the app’s encryption that made it possible for cybercriminals to read plain text communications sent through the app.
It was found that WhatsApp was using the same key to decode the encrypted message on both sides of a conversation. When the same key is used for both the sender and receiver’s messages, it makes it exponentially easier for someone to intercept messages sent via unsecured Wi-Fi networks and pull the actual text out of the encrypted data. Therefore, hackers could potentially see sensitive information such as addresses or personal photos, sent via WhatsApp.
WhatsApp has since taken measures to remedy this security flaw and is in the midst of rolling out increased privacy features for Android WhatsApp users.
This new security comes in the form of end-to-end encryption added by default for one-to-one text messages sent through the app. Although this feature is currently only available for Android users and does not yet apply to group messages, photos, or videos, WhatsApp Inc. plans to rollout end-to-end encryption across all platforms in the near future.
So why are privacy advocates rejoicing over end-to-end encryption, and why should users care?
End-to-end encryption provides an added level of security that makes it nearly impossible for anyone other than the intended recipients of the message(s) to read the contents of the message.
WhatsApp’s deployment of end-to-end encryption is one of the largest implementations across a mobile messaging platform to date. Android users can now breathe a little easier as it is highly unlikely that their text messages sent through WhatsApp will be seen by unwanted eyes.
If you plan to use WhatsApp for group messages, to send photos and videos, or are using it on a mobile device that is not yet protected by end-to-end encryption, it’s best to practice some key mobile security habits to ensure your information stays protected.
- Avoid using unsecured Wi-Fi networks to send personal information. Free and open public Wi-Fi is great in theory, but this openness comes with a downside. Because these networks are used by a large number of people, they are often a hacker’s favorite target. Hackers can easily intercept data such as photos, messages, passwords and more, leaving unsuspected users in the lurch.
- Don’t put sensitive information in the hands of a mobile messaging app. It’s a good rule of thumb to keep sensitive information, in general, off of your mobile devices and messaging apps. Phones can be lost or stolen and security flaws of apps exploited so you should never trust your mobile device to keep banking information, social security numbers or addresses secure.
- Have comprehensive security software installed on your mobile device. McAfee® Mobile Security, free for Android and iOS, offers a variety of protections, including one that will alert you if you are about to connect to an unsecured Wi-Fi network from your Android device.