Answer

Security Review of ‘WhatsApp’

WhatsApp is controversially the most used mobile application accessible by over two billion smart-phone users around the globe. It provides easy, fast, and free messaging, audio and video calls, and media sharing. In 2016, WhatsApp introduced a default end-to-end encryption service that enables all the contents of information shared by users in the platform to be accessed by unauthorized parties (Rösler, Mainka & Schwenk, 2018). The move to introduce an end-to-end encryption service has boosted the security and privacy of users’ information on the platform. This report aims to review and exhaustively analyze the protection of the WhatsApp platform.

Summary of WhatsApp Technology

WhatsApp uses the internet to share messages, pictures, videos, or audio worldwide. Not only can you use WhatsApp on your smart-phone, but also on a desktop through a download from its website for Windows or Mac users. The app utilizes Ejabberd (XMPP) server to aid immediate information sharing between two or more consumers on a real-time basis since Ejabberd is highly reliable and sustainable regardless of traffic (Ramakrishnamurthy, 2021). The end-to-end encryption was introduced to enable a sender and the recipient to be the only parties who can access the content of their information, a move that saw WhatsApp user number rise to two billion worldwide. Its goal is to provide an end-to-end encryption-based service to let users communicate comfortably around the world without barriers.

Assets and Security Goals

• Provide an end-to-end encryption service: The primary security goal of WhatsApp is to provide a default end-to-end encryption service for its users. This will increase the user base since the users are confident of the privacy of the information they share on the platform.
• Maintain user privacy: WhatsApp does not share the details and contacts of its users with any other party, including Facebook, to foster customer trust and satisfaction.

Adversaries and Threats

• WhatsApp Web Malware: WhatsApp Web used by desktop owners to access WhatsApp attracts cybercriminals because, on the more extensive internet, the app is not carefully regulated compared to a smartphone app, making cybercriminals take its advantage (Rösler, Mainka & Schwenk, 2018).
• Ownership by Facebook: WhatsApp is owned by Facebook, causing security threats, and so it suffers security dangers just like Facebook.

Weaknesses

Facebook data sharing

Despite guaranteeing users that their data would not be shared with Facebook, WhatsApp reviewed its Private Policy to enable data sharing from WhatsApp to Facebook.

Unencrypted Backups

As much as WhatsApp provides an end-to-end encryption platform to its users, the backup destination allowed in WhatsApp, Google Drive and iCloud, are not encrypted, thus a weakness in its security provisions.

Defenses

After users raised several concerns and complaints about Facebook data sharing from WhatsApp, the system released a new data sharing policy that would limit WhatsApp’s components for any user who is not a participant (Rastogi & Hendler, 2017).

Rostagi & Hendler (2017) asserts that backup locations provided by WhatsApp; that is, iCloud and Google Drive, have begun to work closely with WhatsApp service providers to maintain the privacy of users’ data stored at their platforms, an upside being that no large-scale hacks have affected the two backup locations.

Risk Analysis

Even though WhatsApp providers have gone heights to provide an end-to-end encryption-based platform, its security is still a challenge qualifying the forum to be a destination for cybercriminals. While WhatsApp users’ information is protected in transit, most of the devices used do not encrypt data compared to Apple (Rostagi & Hendler, 2017). Rösler, Mainka & Schwenk (2018) also argue that WhatsApp’s location to backup users’ information is not entirely safe and encrypted as WhatsApp’s encryption technology. This might cause security breaches to users’ privacy and cyber attacks on the location destination. Additionally, WhatsApp does not provide an encryption service to previously communicated information which could expose a user in case of device theft. Therefore, security concerns are not fully addressed.

These threats and weaknesses are risky because users’ illicit conversations and data exchanged by other parties. Also, the weaknesses are risky because of the chance to manipulate and exfiltrate data since they are storing data of users’ conversations. This might break WhatsApp’s ethical concerns about the privacy of users’ data and information shared (Ramakrishnamurthy, 2021). However, WhatsApp has assured its users that the technology of end to end encryption will forever remain to protect consumers’ conversations, data, and information to other parties.

Conclusion

This report has comprehensively summarized WhatsApp Security concerns. As a result, the threats and weaknesses associated with WhatsApp security and privacy concerns are enormous; therefore, WhatsApp providers should immediately review their Security Goals to maintain and ensure users’ Security and Privacy Policies at all times.