Source: Joe Maring / Android Central
What you need to know
- WhatsApp group chats may be far less private than one would imagine.
- Invite links for private WhatsApp groups can be easily found via a Google Search, meaning anyone could potentially join a private chat.
- The issue likely stems from a mistake on WhatsApp's part.
A journalist for DW News this week tweeted out a grim warning: "Your WhatsApp groups may not be as secure as you think they are."
The reason for his concern? Invite links for WhatsApp groups are being indexed by Google's search engine, meaning that if a link to your private group exists anywhere on the internet, anyone could potentially find the link and join your group with just a quick Google search.
Doing so is as simple as typing in "site:chat.whatsapp.com" into the search bar on Google. Once you do, you can see that Google has indexed up to 470,000 such links, meaning hundreds of thousands of groups could potentially be accessible this way.
Admittedly, some of these links could have been intended for public sharing by their group administrators, but as discovered by Vice News and some Twitter users, some of the groups indexed by Google almost certainly weren't meant to be public.
You can find groups belonging to NGOs and other organizations. Some of the indexed groups possibly also contain illegal material, with one Twitter user even identifying groups that seemingly pertain to child pornography.
WhatsApp has issued the following statement to Vice:
Group admins in WhatsApp groups are able to invite any WhatsApp user to join that group by sharing a link that they have generated. Like all content that is shared in searchable, public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website.
However, as app reverse-engineer Jane Manchun Wong points out, WhatsApp could have avoided many of these groups being indexed by changing some of the settings associated with group invite links, such as by using the 'noindex' meta tag.
The issue had been pointed out to Facebook's bug bounty program by a researcher last year, but the company ruled that it did not warrant a bounty with a statement similar to the one given to Vice.
WhatsApp passes the 2 billion monthly users mark
Have you listened to this week's Android Central Podcast?
Every week, the Android Central Podcast brings you the latest tech news, analysis and hot takes, with familiar co-hosts and special guests.
We may earn a commission for purchases using our links. Learn more.
God of War timeline and history: The full story so far
Maybe you jumped on the God of War train sometime after the first game, or maybe you just need a refresher. No matter what, we're here to help. Here's the God of War timeline and history, giving you the full story so far.
Rooting and ROM hacking as an Android newbie was a risky challenge
One of the perks of Android over iOS is its superior customization tools, but for hardcore users those aren't enough. Despite being new to Android, I decided to try and root my OnePlus phone and flash a custom ROM. It went about as well as you'd expect a rookie to do. And that's the problem: a process that courts disaster and a process designed for hacking veterans.
It's time for Samsung to bring faster charging speeds to the Galaxy S22
Samsung is likely already gearing up for the Galaxy S22 next year, and the biggest upgrade the company could give us is faster charging speeds.
Put your wallet away and pay with your Wear OS watch instead
Ready to start paying for your coffee with only your smartwatch? Here are all the Wear OS watches that support Google Pay.