A security flaw in WhatsApp could potentially allow third parties to cyberstalk users using the app’s default online status feature.
According to NDTV, cybersecurity firm Traced has discovered several iPhone and Android apps, as well as some web services, that can tell cyberstalkers when a user is active on WhatsApp. These services can be used by third parties to monitor users’ status even without their consent.
“You can enter any mobile phone number, and if that person uses WhatsApp, the status tracker will provide the exact date and time that person opened WhatsApp,” the company explained in a blog post.
Traced revealed that though these apps are usually marketed as a way for users to know when their contacts come online, they are routinely misused by cybercriminals.
Unlike with other features, WhatsApp doesn’t offer a way to disable the feature that automatically shows if a user is online, leaving it open to exploitation by cyberstalkers.
Some WhatsApp online status trackers were also found to allow users to enter the phone numbers of two individuals. This lets the person using the tracker infer whether the two users are chatting with each other on the app at a particular time.
“We provide a setting to allow people to choose who can view the time a user was ‘last seen’ within WhatsApp. To help prevent abuse, we regularly work with app stores to seek the removal of apps that attempt to violate our terms of service,” a WhatsApp spokesperson said of the issue.
“We have banned the WhatsApp accounts associated with such websites, requested Google remove such apps from the Play Store, and also take legal action, as appropriate.”
“Automating WhatsApp’s features to scrape information is a violation of our terms of service and we will continue to take action to protect the privacy of our users and help prevent abuse.”
WhatsApp had already come under fire earlier this week after it was revealed that a security flaw allowed attackers to remotely suspend users’ accounts.