Previously delivered WhatsApp messages can reportedly be tweaked to change the content or the sender's identity.
Check Point Software Technologies found that hackers can create an altered version of the WhatsApp app and change a quoted message, one that is being replied to, The New York Times reports. Hackers could change the content or the sender, the researchers reportedly found.
Facebook-owned WhatsApp told The Times that it works to remove people who use hacked versions of its service, but said the ability to manipulate quotes wasn't a flaw. Verifying each message would create privacy issues or slow the app down too much.
In a statement, WhatsApp compared the ability to change quoted messages to the ability to alter an email to change its content. It also defended the security of WhatsApp's end-to-end encryption.
"This claim has nothing to do with the security of end-to-end encryption, which ensures only the sender and recipient can read messages sent on WhatsApp," a spokesperson said. "We ban accounts that attempt to modify WhatsApp to engage in spammy behavior and we are working with civil society in several countries to educate people about fake news and hoaxes."
Check Point didn't immediately respond to a request for comment.
Both companies told The Times that they hadn't seen regular people sending fake quoted messages within the service.
However, misinformation on WhatsApp is an increasing concern. For example, India's government reportedly asked telecoms to figure out how to block messaging apps if they are misused. The Indian government's request came after WhatsApp-spread misinformation resulted in the reported lynching of five people after a rumor circulated that they abducted children. At least 12 have been attacked as a result of such messages.
India is WhatApp's biggest market, with more than 200 million people using the service.
First published at 3:12 a.m. PT.
Updated at 8:38 a.m. PT: Adds WhatsApp comment.