WhatsApp for Android Major Security Flaw Lets Other Apps Read the Messages
WhatsApp Android security flaw:
Bas Bosschert, a security expert and CTO at DoubleThink, has revealed that WhatsApp for Android is open to prying eyes from any other application on the device. Bosschert found that other apps can read WhatsApp messages because of the way these chats are stored and encrypted.
This revelation comes right after the hours-long disruption of WhatsApp services, which somewhat tainted the flawless record of the short messaging service. WhatsApp is one of the most used apps for text messages and has the highest growth rate among all the tech firms. The short messaging app was acquired by Facebook in February for a crazy $19 billion.
This latest WhatsApp Android security flaw has more to do with the way Android works than with the app itself. However, users would be right to freak out on learning that any other app can easily get hold of their chat messages. Bosschert has detailed a method for accessing WhatsApp chats which works even after yesterday's update to 2.11.186:
The WhatsApp database is saved on the SD card, which can be read by any Android application if the user allows it to access the SD card. And since the majority of people allow everything on their Android device, this is not much of a problem.
Since WhatsApp keeps your chat conversations stored on the SD card, it is easy for any other app to access the chat messages through the SD card. As Bosschert has mentioned, it is not a major problem for any app to access the SD card, as users mostly allow these requests. Although WhatsApp has taken steps to encrypt conversations stored on the SD card, Bosschert was able to get to those chats using a custom Python script.
The WhatsApp database is a SQLite3 database which can be converted to Excel for easier access. Lately WhatsApp is using encryption to encrypt the database, so it can no longer be opened by SQLite. But we can simply decrypt this database using a simple Python script. This script converts the crypted database to a plain SQLite3 database (got key from Whatsapp Xtract).
This WhatsApp Android security flaw has more to do with Android, as mentioned above, since the open OS makes it easier for apps to get access to SD card data. However, WhatsApp can improve security by not storing conversations this way on the SD card.
Let's wait and see whether the company alters the way it stores and encrypts WhatsApp messages, thus improving security, or sends out an update for Android users.
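A defender-side check for the exposure described above, added here as an example and not taken from Bosschert's post or from WhatsApp: it reads decoded AndroidManifest.xml text and reports which apps request SD card access, and which of those also request network access. The package names, sample manifests and risk labels are constructed for illustration, and the check assumes a platform version that enforces the storage permissions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# WRITE_EXTERNAL_STORAGE implicitly grants read access to the SD card as well.
STORAGE = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}
NETWORK = "android.permission.INTERNET"
RANK = {"read-and-upload": 0, "read-only": 1, "none": 2}  # labels are this example's own

# Constructed sample manifests with hypothetical package names.
SAMPLES = [
    """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
        package="com.example.game">
        <uses-permission android:name="android.permission.INTERNET"/>
        <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    </manifest>""",
    """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
        package="com.example.filemanager">
        <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    </manifest>""",
    """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
        package="com.example.clock">
        <uses-permission android:name="android.permission.INTERNET"/>
    </manifest>""",
]


def audit_manifest(manifest_xml):
    """Return (package, risk, storage_permissions) for one decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    storage = sorted(perms & STORAGE)
    if storage and NETWORK in perms:
        risk = "read-and-upload"  # can read SD card files and send them off-device
    elif storage:
        risk = "read-only"        # can read SD card files, no network permission
    else:
        risk = "none"             # cannot read files other apps leave on the SD card
    return root.get("package"), risk, storage


def audit_all(manifests):
    """Audit every manifest and list the most exposed apps first."""
    return sorted((audit_manifest(m) for m in manifests), key=lambda r: (RANK[r[1]], r[0]))


if __name__ == "__main__":
    for package, risk, storage in audit_all(SAMPLES):
        print(f"{package:26} {risk:16} {', '.join(storage)}")
```

An app in the first group is not necessarily malicious; the list only shows which installed apps are in a position to read anything another app stores on the SD card.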
Source: Steal WhatsApp Database