WhatsApp, its owner Facebook or even the US government can access user messages due to an encryption loophole discovered in the application, The Guardian newspaper reported, citing a security expert at the University of California, Berkeley.
“If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys,” Tobias Boelter told the newspaper.
The security backdoor involves the application resending offline users' messages with new encryption keys, unknown to both senders and receivers. The rebroadcasting theoretically allows WhatsApp or Facebook to tap into conversations to read single messages or entire conversations, according to the researcher.
WhatsApp, which is used by around one billion people, has been at the center of a privacy controversy since being acquired by Facebook in 2014. The social network at first pledged not to interfere with the existing privacy rules and to minimize the number of advertisements, but privacy policy changes came about in 2016, allowing more data sharing between the two platforms. The data sharing was halted after the European Union charged Facebook with providing misleading information on its merger with WhatsApp.