WhatsApp flaw leaves your chat history exposed; company claims otherwise

WhatsApp has been figuring a lot in the news lately with regard to errors and flaws. After crashing just a day after the Facebook buyout, WhatsApp is in the news again for a supposed flaw that leaves your chat history exposed.

Technology consultant Bas Bosschert has published a code that would allow developers to build apps which would give access to chat logs left on the device SD card. The company has hit back saying that the reports are much exaggerated and calls the the whole overstated. It has added that the company has revamped security for the Android app with the most recent update.


“The WhatsApp database is saved on the SD card which can be read by any Android application if the user allows it to access the SD card. And since majority of the people allows everything on their Android device, this is not much of a problem.

People would only see a loading screen when they started the game. They wouldn’t notice that their WhatsApp database has been uploaded. So, we can conclude that every application can read the WhatsApp database and it is also possible to read the chats from the encrypted databases. Facebook didn’t need to buy WhatsApp to read your chats.” Bosschert said.

While that was quite a tidbit, WhatsApp’s latest update lets you disable last seen on the app. But, this flaw is quite a big scare, since it leaves your SDcard exposed. Most Android apps actually ask you for permission to access your SDcard.

WhatsApp, on the other hand, has stated that the app will not leave your SDcard exposed ‘in normal circumstances’. If you download a malicious app though, they wouldn’t be able to help you. That wouldn’t only leave your WhatsApp data exposed, rather everything on your SDcard would be exposed including the data.

Bosschert on the other hands still concludes that WhatsApp chat logs will still be exposed despite the new update.

WhatsApp already has an update in the works, which will add features like voice calling. Lets hope it addresses this issue too.