WhatsApp shares phone numbers with Google

The έχει γίνει η νούμερο ένα εφαρμογή ανταλλαγής μηνυμάτων για κινητά, καθώς το προσπάθησε να την κάνει κάτι περισσότερο από ένα απλό which allows users to chat from Android and iOS.

The Click to Chat feature, for example, allows to WhatsApp accounts to contact each other using a QR code or custom URL.

This feature is supposed to be used by businesses to allow their customers to communicate directly, as Click to Chat only requires a scan of a QR code to start a messaging session without even knowing the other party's phone number.

However, the phone number is revealed once the why the QR code and URLs include this information because Click to Chat would not be able to link the two accounts otherwise.

Security researcher Athul Jayaram has discovered that this feature exposes users' phone numbers, as they could be indexed by Google because of the way QR was created.

Basically, it's all due to the metadata included in the QR code or the custom URL which, as mentioned above, includes phone numbers. WhatsApp uses a public domain called wa.me for the whole issue and once Google starts crawling the pages hosted there, it will have all the Click to Chat links created, along with the phone numbers.

Essentially, the Google can read phone numbers and then index them, enabling everyone to find out a specific phone number.

At first it may not seem like much, but as the researcher explains in an analysis that he published at Threatpost, malicious users could collect a lot more information than they currently collect. For example, once a malicious user seizes someone's phone number, they can access their WhatsApp profile picture and then use the photo to search social media for more information to associate with more accounts and therefore receive additional information.

The researcher reports that he discovered about 300.000 WhatsApp phone numbers in Google, so he notified the company that belongs to Facebook through a bug bounty program.

WhatsApp, on the other hand, said that the users themselves decide if they want to share any information.

"While we value this researcher's report and value the time he / she took to share it with us, it does not qualify for the bug bounty, as it simply contained a search engine index with URLs chosen by WhatsApp users to publish. "All WhatsApp users, including businesses, can block publicity at the touch of a button," said a company spokesman.

At the same time, Google reports that it only indexes public pages and only webmasters can remove URLs.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).