WhatsApp: Security experts warn that Facebook’s talk app can be insecure, despite Amnesty recommendation, The Independent
WhatsApp: Security experts warn that Facebook’s talk app can be insecure, despite Amnesty recommendation
Facebook and WhatsApp were ranked the most secure talk apps by Amnesty, but there are big problems with both of the apps, say security experts
- Andrew Griffin
- @_andrew_griffin
- Friday twenty one October two thousand sixteen 11:16 BST
The Independent Tech
WhatsApp and Facebook Messenger are the most secure talk platforms, according to Amnesty International. But that decision has already met with scepticism from people in the technology community, some of whom have warned that it might not be safe to use the apps at all.
Amnesty gave Facebook and WhatsApp a score of seventy three out of one hundred – its highest – to the two apps, which it didn’t distinguish inbetween. But it particularly picked out WhatsApp, which it said was “the only app where users are explicitly warned when end-to-end encryption is not applied to a particular chat”.
It did have some criticism for Facebook, which doesn’t apply strong encryption by default and doesn’t warn users that they’re not using the most secure technology. Facebook does that in part because Messenger conversations are valuable information for the company to read and use for advertising.
Gadgets and tech news in pictures
Gadgets and tech news in pictures
Designed by Pierpaolo Lazzarini from Italian company Jet Capsule. The I.F.O. is fuelled by eight electrical engines, which is able to thrust the flying object to an estimated top speed of about 120mph.
Jet Capsule/Cover Photos
A humanoid robot gestures during a demo at a stall in the Indian Machine Contraptions Expo, IMTEX/Tooltech two thousand seventeen held in Bangalore
A humanoid robot gestures during a demo at a stall in the Indian Machine Implements Expo, IMTEX/Tooltech two thousand seventeen held in Bangalore
Engineers test a four-metre-tall humanoid manned robot dubbed Method-2 in a lab of the Hankook Mirae Technology in Gunpo, south of Seoul, South Korea
Jung Yeon-Je/AFP/Getty Pics
Engineers test a four-metre-tall humanoid manned robot dubbed Method-2 in a lab of the Hankook Mirae Technology in Gunpo, south of Seoul, South Korea
Jung Yeon-Je/AFP/Getty Pics
The giant human-like robot bears a striking resemblance to the military robots starring in the movie ‘Avatar’ and is claimed as a world very first by its creators from a South Korean robotic company
Jung Yeon-Je/AFP/Getty Pics
Engineers test a four-metre-tall humanoid manned robot dubbed Method-2 in a lab of the Hankook Mirae Technology in Gunpo, south of Seoul, South Korea
Jung Yeon-Je/AFP/Getty Photos
Waseda University’s saxophonist robot WAS-5, developed by professor Atsuo Takanishi
Waseda University’s saxophonist robot WAS-5, developed by professor Atsuo Takanishi and Kaptain Rock playing one string light saber guitar perform jam session
A test line of a fresh energy suspension railway resembling the giant panda is seen in Chengdu, Sichuan Province, China
A test line of a fresh energy suspension railway, resembling a giant panda, is seen in Chengdu, Sichuan Province, China
A concept car by Trumpchi from GAC Group is shown at the International Automobile Exhibition in Guangzhou, China
A Mirai fuel cell vehicle by Toyota is displayed at the International Automobile Exhibition in Guangzhou, China
A visitor attempts a Nissan VR practice at the International Automobile Exhibition in Guangzhou, China
A man looks at an exhibit entitled ‘Mimus’ a giant industrial robot which has been reprogrammed to interact with humans during a photocall at the fresh Design Museum in South Kensington, London
A fresh Israeli Da-Vinci unmanned aerial vehicle manufactured by Elbit Systems is displayed during the 4th International conference on Home Land Security and Cyber in the Israeli coastal city of Tel Aviv
Electrification Guru Dr. Wolfgang Ziebart talks about the electrical Jaguar I-PACE concept SUV before it was unveiled before the Los Angeles Auto Showcase in Los Angeles, California, U.S
The Jaguar I-PACE Concept car is the begin of a fresh era for Jaguar. This is a production preview of the Jaguar I-PACE, which will be exposed next year and on the road in 2018
Japan’s On-Art Corp’s CEO Kazuya Kanemaru poses with his company’s eight metre tall dinosaur-shaped mechanical suit robot ‘TRX03’ and other robots during a demonstration in Tokyo, Japan
Japan’s On-Art Corp’s eight metre tall dinosaur-shaped mechanical suit robot ‘TRX03’
Japan’s On-Art Corp’s eight metre tall dinosaur-shaped mechanical suit robot ‘TRX03’ performs during its unveiling in Tokyo, Japan
Singulato Motors co-founder and CEO Shen Haiyin poses in his company’s concept car Tigercar P0 at a workshop in Beijing, China
The interior of Singulato Motors’ concept car Tigercar P0 at a workshop in Beijing, China
Singulato Motors’ concept car Tigercar P0
A picture shows Singulato Motors’ concept car Tigercar P0 at a workshop in Beijing, China
Connected company president Shigeki Tomoyama addresses a press briefing as he elaborates on Toyota’s "connected strategy" in Tokyo. The Connected company is a part of seven Toyota in-house companies that was created in April 2016
A Toyota Motors employee demonstrates a smartphone app with the company’s pocket plug-in hybrid (PHV) service on the cockpit of the latest Prius hybrid vehicle during Toyota’s "connected strategy" press briefing in Tokyo
An exhibitor charges the battery cells of AnyWalker, an ultra-mobile chasis robot which is able to budge in any kind of environment during Singapore International Robo Expo
A robot with a touch-screen information apps stroll down the pavillon at the Singapore International Robo Expo
An exhibitor demonstrates the AnyWalker, an ultra-mobile chasis robot which is able to budge in any kind of environment during Singapore International Robo Expo
Robotic fishes swim in a water glass tank displayed at the Korea pavillon during Singapore International Robo Expo
An employee shows a Samsung Electronics’ Gear S3 Classic during Korea Electronics Showcase two thousand sixteen in Seoul, South Korea
Visitors practice Samsung Electronics’ Gear VR during the Korea Electronics Grand Fair at an exhibition hall in Seoul, South Korea
Amy Rimmer, Research Engineer at Jaguar Land Rover, demonstrates the car manufacturer’s Advanced Highway Assist in a Range Rover, which drives the vehicle, overtakes and can detect vehicles in the blind spot, during the very first demonstrations of the UK Autodrive Project at HORIBA MIRA Proving Ground in Nuneaton, Warwickshire
Chris Burbridge, Autonomous Driving Software Engineer for Tata Motors European Technical Centre, demonstrates the car manufacturer’s GLOSA V2X functionality, which is connected to the traffic lights and shares information with the driver, during the very first demonstrations of the UK Autodrive Project at HORIBA MIRA Proving Ground in Nuneaton, Warwickshire
Ford EEBL Emergency Electronic Brake Lights is demonstrated during the very first demonstrations of the UK Autodrive Project at HORIBA MIRA Proving Ground in Nuneaton, Warwickshire
Full-scale model of ‘Kibo’ on display at the Space Dome exhibition hall of the Japan Aerospace Exploration Agency (JAXA) Tsukuba Space Center, in Tsukuba, north-east of Tokyo, Japan
Miniatures on display at the Space Dome exhibition hall of the Japan Aerospace Exploration Agency (JAXA) Tsukuba Space Center, in Tsukuba, north-east of Tokyo, Japan. In its facilities, JAXA develop satellites and analyse their observation data, train astronauts for utilization in the Japanese Experiment Module ‘Kibo’ of the International Space Station (ISS) and develop launch vehicles
The robot developed by Seed Solutions sings and dances to the music during the Japan Robot Week two thousand sixteen at Tokyo Big View. At this biennial event, the participating companies exhibit their latest service robotic technologies and components
The robot developed by Seed Solutions sings and dances to music during the Japan Robot Week two thousand sixteen at Tokyo Big Glance
Government and industry are working together on a robot-like autopilot system that could eliminate the need for a 2nd human pilot in the cockpit
Aurora Flight Sciences’ technicians work on an Aircrew Labor In-Cockpit Automantion System (ALIAS) device in the hard’s Centaur aircraft at Manassas Airport in Manassas, Va.
43/43 Flight Simulator
Stefan Schwart and Udo Klingenberg preparing a self-built flight simulator to land at Hong Kong airport, from Rostock, Germany
WhatsApp has been repeatedly praised for its decision to integrate end-to-end encryption into its apps. That technology makes sure that messages can only be read by the person sending and receiving it, and has got WhatsApp into problems in the past – the app was shut down in Brazil because authorities wished to be able to read the conversations being had on it.
WhatsApp update brings big fresh iOS switches
But it has come into criticism from other technology groups, including the Electronic Frontier Foundation. That organisation has even warned people that they should be careful before using WhatsApp for sensitive conversations,for fear that they might be read.
Most recently, WhatsApp’s privacy policies were criticised when it announced that it would commence sharing user data with Facebook. That would see it give up information – however not the contents of talks – to its parent company, which would then use those to better target ads.
And the EFF also pointed to a range of other problems with the privacy instruments on WhatsApp, despite Amnesty’s encouragement.
It pointed out, for example, that the app uses unencrypted backups. Those are useful for restoring a phone if it is lost, stolen or a user buys a fresh one – but it also means that messages are sent to the cloud without any protection, meaning that it would be possible for someone to break into that backup and read whichever messages they like.
Even if a user tells the app that they don’t want conversations backing up, that might not keep them from being stored in the cloud. If the person a user is talking to is using the backup feature, then the messages will be stored without encryption anyway.
The EFF also took issue with the way that WhatsApp integrates encryption into its user practice, and the fact that the web app that can be used to send messages from a computer could also be vulnerable to attack.
The group did praise the fact that WhatsApp makes use of the Signal protocol – a very well-regarded encryption standard that keeps messages secure. But it said the various other problems with it made security and privacy a concern when using WhatsApp.
The Electronic Frontier Foundation makes two main recommendations to Facebook and WhatsApp to make themselves more secure.
The very first is that the app makes it far lighter to enable strong privacy while using it. “A slider that would switch on all of the protective options—such as disabling backups, enabling key switch notifications, and opting out of aspects of data sharing—would make it far lighter for users to take control of their security,” the group wrote.
Read more
The other is that WhatsApp make it far more clear what is being collective with Facebook. It should lay out specifically which bits of information it will be sharing with the site, it wrote, and so showcase that some information won’t be collective with its parent company.
The group urges that people “take extra caution when determining whether and when to communicate using WhatsApp”, until such switches are made.
The group also recommends that people use Signal if they want to keep messages more secure. It is expected to publish its own version of Amnesty’s scorecard in the near future.