Like it or not, WhatsApp is one of the most popular messaging applications out there, and billions around the world use it. Unfortunately, for a tool that's integral to communication for such a large audience, security is far from airtight. It was recently discovered that anyone could suspend someone's WhatsApp account by just knowing their number. Now, another research report sheds light on a staple feature that's being exploited by several apps and services to reveal the targeted user's app behavior.
As pointed out by cybersecurity firm Traced, these apps and services exploit the online status feature to let third parties track when an individual is using the app. One simply needs to enter the mobile number of the person they want to stalk, and these apps will do the rest for them. They can notify these third parties when their targets are online/offline and generate full-blown reports of their app usage history based on this information.
These apps are readily available and often disguised as tools for parents to keep track of their children's online activity. I tried out one such app from the Google Play Store and it worked just as advertised. It sent me alerts when a particular contact (another number of mine) came online or went offline and it can map this information on a graph showing when and how much of the time I was online. There's even an option to track multiple contacts at once, allowing the possibility to deduce if two contacts are potentially talking to each other.
The graphs aren't populated yet because I only just tried out the service, but you get the picture.
Considering Google doesn't allow cyberstalking apps on the Play Store, it's a bit surprising that these are available in troves — some even have a subscription model that unlocks unlimited tracking/additional features.
Unfortunately, WhatsApp doesn't let users disable unknown numbers from seeing their online status, so there's nothing you can do to prevent anyone from knowing when and for how long you use the app. WhatsApp hasn't commented on this issue yet but we'll update the article if we hear anything.