Two developers discover how to load and read a WhatsApp conversation from another Android app
WhatsApp’s security has been called into question on numerous occasions and, as we will see below, it seems that the company is still guilty of many errors that could be considered ” unforgivable ” to this day given the large user base they have and what a massive data leak would entail.
” Is it possible to load and read WhatsApp chats from another Android application? ” This was the question from which two brothers, both developers, started researching the possibility of breaching WhatsApp security on Android . The result of this investigation is a resounding “s í, it’s possible “, but to get there we’ll take a closer look at the steps taken by the two developers to arrive at such a bold statement.
We must assume that the WhatsApp database in Android is stored on the device’s SD card (as the vast majority of Android-compatible smartphones include it). Most applications can access the SD if the user has previously authorized them, which the vast majority do, so this is not a big problem.
Therefore, we would be looking at a problem in the Android permission system rather than a real WhatsApp security hole. The problem with this is that, once permission has been granted, any malicious application could copy the entire database on the SD card and send it to an external server.
WhatsApp responds: “the reports have not drawn a very accurate picture of reality and are exaggerated”
The encryption under which all WhatsApp conversations are stored seems to be no great obstacle to accessing its content since, as the developers themselves have been able to demonstrate, can be easily decrypted using the Python tool .
For its part, WhatsApp was quick to respond to this new blow to its security. Here you can read the company’s response:
As we can see, the response to the two developers’ discovery seems to take all the iron out of the matter and leave the ball in the users’ court. However, it’s curious how they haven’t commented on the relative ease of breaking the encryption once you have access to the database.
Is WhatsApp still an insecure app or is it the fault of the operating system?