Whatsapp has defended itself against claims that a feature of its site creates privacy problems by letting search engines index users’ phone numbers.
The feature lets users start a WhatsApp chat with another user without saving their phone number. However, according to reports this creates a link that is indexed by search engines without explicit permission being given by users.
Researcher Athul Jayaram is quoted on Threatpost.com, saying “As individual phone numbers are leaked, an attacker can message them, call them, sell their phone numbers to marketers, spammers, scammers.” He claims that it would be easy for a hacker to conduct a reverse-image search of the exposed profile picture and pinpoint the identity of the user.
WhatsApp owns the ‘wa.me’ domain used to host the Click to Chat feature which Jayaram confirms is not equipped with a ‘robots.txt’ file that stops search engines crawling phone numbers on the website.
A spokesperson for WhatsApp owner Facebook said, “While we appreciate this researcher’s report and value the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public. All WhatsApp users, including businesses, can block unwanted messages with the tap of a button.”
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.