Security researcher discovers WhatsApp Web users’ phone numbers and messages could again be found by strangers via search engines like Google. — OLIVER GRAUMNITZ/Pixabay
WhatsApp’s privacy woes have resurfaced, after users’ phone numbers and messages were discovered being indexed by search engines.
Cybersecurity researcher Rajshekhar Rajaharia tweeted that WhatsApp Web users’ data was being indexed on Google again, pointing out that this was the third time the issue had occurred.
When information is indexed, it can be found in a search engine and made public. As such, companies generally take measures to prevent private data from being indexed.
15 Jan 2021, If you are using @WhatsApp Web, your Mobile Number and Messages are being indexed by @Google again. Don't know why WhatsApp is still not monitoring their website and google. This is 3rd time. #Infosec #Privacy #infosecurity #GDPR #Whatsapp #Privacy #Policy #Google pic.twitter.com/D6o1emxDgv
— Rajshekhar Rajaharia (@rajaharia) January 15, 2021
He had pointed out a similar issue earlier on Jan 11, where users’ profiles and invitations to join group chats were exposed on Google, which enabled strangers to potentially find users’ phone numbers or even join chats.
WhatsApp responded by removing the group invites and profile links from Google’s search.
It also issued a statement to tech website Gadgets360, saying that it had included the “noindex” tag on all deep link pages (a type of link that sends users directly to an app), which should exclude them from being indexed.
“We have given our feedback to Google to not index these chats. As a reminder, whenever someone joins a group, everyone in that group receives a notice and the admin can revoke or change the group invite link at any time,” added the spokesperson.
With regard to the latest leak, Rajshekhar noted that WhatsApp was using a “Robots.txt” file with a “disallow all” setting to instruct Google not to index anything.
Though a Robots.txt, or robots exclusion protocol, is generally used to instruct web crawlers (which index pages) to stay away, Google was still indexing WhatsApp user data.
Rajshekhar explained why this was still occurring: Google requires page owners not to use Robots.txt when using the “noindex” tag, as stated in its search indexing help page.
This is because the two features clash: Google cannot detect the “noindex” tag on a page that Robots.txt stops it from crawling.
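The clash described above can be checked mechanically before a site ships. The following Python sketch is an added example, not code from WhatsApp, Google or the researcher; the `audit` function, its status names and the sample robots.txt, URL and page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

# Constructed sample data (not WhatsApp's real files or responses).
DISALLOW_ALL = "User-agent: *\nDisallow: /\n"
ALLOW_ALL = "User-agent: *\nAllow: /\n"
NOINDEX_PAGE = '<html><head><meta name="robots" content="noindex"></head></html>'
URL = "https://chat.example/invite/abc"


class RobotsMeta(HTMLParser):
    """Collects directives from <meta name="robots"> or <meta name="googlebot">."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() in ("robots", "googlebot"):
            self.directives |= {d.strip().lower() for d in a.get("content", "").split(",")}


def has_noindex(headers, html):
    """True if noindex appears in the X-Robots-Tag header or a robots meta tag."""
    meta = RobotsMeta()
    meta.feed(html)
    return "noindex" in headers.get("X-Robots-Tag", "").lower() or "noindex" in meta.directives


def audit(robots_txt, url, headers, html, agent="Googlebot"):
    """Return 'conflict', 'ok', 'blocked' or 'indexable' for one page."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    crawlable = rules.can_fetch(agent, url)
    noindex = has_noindex(headers, html)
    if noindex and not crawlable:
        return "conflict"   # noindex exists, but the crawler may not fetch the page to read it
    if noindex:
        return "ok"         # crawler can fetch the page and will see noindex
    if not crawlable:
        return "blocked"    # crawling is blocked and no noindex signal is present
    return "indexable"


if __name__ == "__main__":
    print(audit(DISALLOW_ALL, URL, {}, NOINDEX_PAGE))  # the misconfiguration described above
    print(audit(ALLOW_ALL, URL, {}, NOINDEX_PAGE))     # the corrected configuration
```

A "conflict" result is the situation the researcher describes: the page carries “noindex”, but the “disallow all” rule keeps the crawler from ever reading it.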
As of publication time, WhatsApp has not responded to Rajshekhar on how it would resolve the latest problem.