WhatsApp pooh-poohs report of security flaw
Claims of security hole involving SD cards don't paint an accurate picture, say the makers of the popular chat app.
The people behind WhatsApp are rebutting a report contending that the app is vulnerable because your chats can be stored on an Android phone's SD card.
Earlier this week, DoubleThink chief technology officer Bas Bosschert posted a blog alleging that hackers could use a malicious app to tap into your WhatsApp conversations by uploading the database from the SD card to a Web site. To prove his point, Bosschert said he created an app that was able to snag and read the database files.
In response, a spokesperson for WhatsApp called the report "overstated" and issued the following statement sent to CNET:
We are aware of the reports regarding a "security flaw". Unfortunately, these reports have not painted an accurate picture and are overstated. Under normal circumstances the data on a microSD card is not exposed. However, if a device owner downloads malware or a virus, their phone will be at risk. As always, we recommend WhatsApp users apply all software updates to ensure they have the latest security fixes and we strongly encourage users to only download trusted software from reputable companies. The current version of WhatsApp in Google Play was updated to further protect our users against malicious apps.
In essence, WhatsApp is saying that the fault lies not in our app but in Android itself, meaning any nasty piece of malware could access data on a device's SD card. WhatsApp's comment that it updated its app to further protect against malware sounds like a step in the right direction.
But in a comment to his original post, Bosschert said he tested the app again after the latest update, and the flaw still exists.
CNET contacted WhatsApp for comment and will update the story with any further details.