WhatsApp is a popular messaging service that was acquired by Facebook in 2014. At the beginning of 2021, WhatsApp updated its terms and conditions, making data sharing with Facebook unavoidable. Despite this, WhatsApp remains one of the most popular messaging services in Germany, especially among 16–24-year-olds.
But how secure is WhatsApp really? And what can I do to communicate more securely? Everything about security, transparency, and data storage on WhatsApp can be found here:
Security
Since 2016, WhatsApp has offered end-to-end encryption for its users. End-to-end encryption means that messages are encrypted on the sender’s device and can only be decrypted by the recipient.
The encryption algorithm is based on the Signal protocol and is therefore verifiable—unlike Telegram. End-to-end encryption ensures that only the sender and recipient can read the message(s). However, be careful: chat messages are only fully secure if both parties are using the latest version of the app.
However, WhatsApp also has less favorable security aspects: metadata (such as location and the timing of messages) is stored by WhatsApp and shared directly with Facebook. By collecting metadata, a significant amount of personal information can be inferred. For example, if someone responds quickly and late at night to a particular person, it may indicate a close relationship. This collection of data is known as “profiling.”
Because when an app is free, the users are often the product. This is also the case with WhatsApp: users voluntarily share their data, which WhatsApp—and therefore Facebook—uses to generate revenue. Anyone interested in learning more should watch the documentary The Social Dilemma.
Data storage & transparency
Returning to WhatsApp: in addition to metadata, WhatsApp also stores the entire contact list of a user as well as chat content in the form of backups. According to the terms and conditions, users should obtain consent from each contact before sharing their data with WhatsApp. However, very few people actually do this. Even if chat messages themselves are not directly stored, they still exist—along with all metadata and contacts—in backup form on WhatsApp’s servers in the United States.
It is also important to be aware that all this data is stored on U.S. servers, where U.S. laws apply. These data protection laws are not comparable to German data protection standards.
One positive aspect of WhatsApp is its encryption protocol: it uses the well-known Signal protocol, which is open source and considered highly secure. It was developed by international security experts and is also used in the messaging app Signal.
3 tips to make communication via WhatsApp more secure:
1. Keep the app up to date
Sounds simple—and it is. As soon as updates are available, just install them.
2. Avoid chat backups
Chat backups are outsourced by WhatsApp to external clouds such as Google. This means that end-to-end encryption is no longer effective. If a backup is not absolutely necessary, it is best not to use it.
3. Enable security notifications
Never heard of a security number? No problem! Every user on WhatsApp has their own security number. If you enable this setting, you will be notified whenever a contact’s security number changes. This helps protect you from so-called “man-in-the-middle attacks,” where an unauthorized third party intercepts communication between you and the intended recipient.
Conclusion
In summary, WhatsApp as a messaging service can be considered “insecure” for several reasons. Although chat messages are encrypted, metadata, the contact list, and chat backups are stored and processed by WhatsApp—and shared in part with Facebook.
If you do not want your data to be shared with Facebook, you should consider using a more secure messaging service such as Signal or Threema.
