WhatsApp – is it secure?

Last week I needed to share my Bank Account number with my son so he could transfer some money to my account.  As I was sharing, my wife cautiously asked me if it was ok to do that.  All the recent headlines about Facebook and data leaks were fresh in her mind.  That made me do some research about WhatsApp’s security and at the end it made me feel quite confident about sharing the details (account number, not my account password).

WhatsApp is used extensively in India and many other countries, although not as much in the US. And simple knowledge of what is safe and what’s not would help everyone using WhatsApp.

If you have ever started a new conversation on WhatsApp with someone, you must have seen a message:

I am sure nobody clicks on the message to know more, but if you did, you would get another message:

The key here is ‘encryption’ – the message (chat or calls) are encrypted with your credentials as well as receivers’.  So no other individual can see the content of the message, even if they somehow get hold of it.  Only you and the receiver can read the message (decrypt it).   A simple analogy for ‘encryption’ is a ‘lock’, so the message is locked, and only you and the receiver have the ‘key’ (decryption ability) for the message.

The same is true for a message you post in a Group.  Only people who are part of that group can read it.

So the bottom line is, the message is safe as long as you trust the receiver not to share it with others or to misuse it.

And the best part is, even WhatsApp (ironically owned by Facebook) – a company that is providing the infrastructure to get your message and deliver to the recipient – can’t see the message or decrypt it.  This is the part that’s most important for me.  This means that WhatsApp will not provide APIs (programmatic access) to 3rd parties to get to the message, neither will WhatsApp run any analytics on my posts/sends/calls to eventually use it for any company benefit.  Facebook has access to all of your posts along with all of your actions in Facebook.  Doing analytics, providing relevant advertisements & access to this data to advertisers was the main issue in the Facebook / Cambridge Analytica saga (see my earlier post).   But the encryption prevents WhatsApp from getting at the content of any of your postings

So the bottom line is:

  • Its fine to share information on WhatsApp, without fear of any 3rd party or WhatsApp (as a company) being able to get to it or read it.
  • You have to use common sense while sharing. Like me sharing my account number with my Son, making sure I don’t share my online login ID/Password or my ATM Pin.  That’s never safe no matter how you share.
  • Also know that the receiver can misuse it or share your message with others.  But it’s between you and the receiver.
  • And don’t forget, if someone gets hold of your mobile or receiver’s mobile and can open WhatsApp, they are opening it with your (or their) identity. So of course, they can read the messages. In this case, they are not a 3rd party.

As long as you keep all of the above in mind, you will have peace of mind and proper sharing on WhatsApp.

You can read more about WhatsApp security by clicking here.

My efforts from these posts is to simplify technology, explain it in simple terms so that when the time comes, you will not ask questions similar to what’s being asked in the accompanying video.