Can your real-time location be seen, tracked, and exposed through a simple WhatsApp correspondence, despite the platform promising the most secure end-to-end encryption? Let's find out! We also discover how to avoid such incidents and enjoy an overall safer WhatsApp environment.
WhatsApp's location-sharing feature can be super convenient for meeting up with friends or sharing destination insights. However, ensuring your location information remains protected is paramount in an era where online privacy gets easily compromised.
Whether you're concerned about personal safety or data security, taking steps to protect the information about your whereabouts can make a difference. This guide explores some strategies to help you maintain control over your WhatsApp location and other sensitive data while using this popular messaging app.
Is WhatsApp truly private?
With over a billion users, WhatsApp is the world's most popular encrypted messenger. As such, it has been widely regarded as a secure messaging platform. However, questions have been raised about the broader privacy implications, especially regarding data collection practices and vulnerabilities.
General privacy
WhatsApp's end-to-end encryption ensures no one besides the sender and recipient can read the messages – not even WhatsApp can decrypt them. The encryption extends to calls, messages, and status updates, but also multimedia, such as photos, videos, voice messages, and documents. This important privacy feature is what distinguishes WhatsApp from many other messaging services.
Metadata
However, privacy on WhatsApp and similar platforms goes beyond encryption. The app collects metadata, which includes information about the frequency and duration of your conversations, who you are communicating with, and your device information. While this metadata does not reveal the content of your messages, it can still provide significant insights into your communication patterns.
Your live or current location, for example, also gets encrypted. However, WhatsApp collects and processes some of its elements – such as your IP address, GPS, Bluetooth signals, and network data. These are then used for creating precise location-based features. On a positive note, you can stop sharing your location or disable access to your location data at any time.
Furthermore, WhatsApp shares some user data with its parent company, Meta (formerly Facebook), for purposes like improving service quality and offering better-targeted advertisements. Despite its encryption, WhatsApp has faced scrutiny over how it handles user data and its integration with Meta's vast advertising ecosystem. Users should consider these aspects to make informed decisions about using the platform and increasing their privacy.
What data does WhatsApp collect?
Here's a detailed overview of the metadata and other user information that WhatsApp collects:
- Account information – First things first, WhatsApp collects your primary identifier on WhatsApp, essential for account creation and communication – your phone number. Next comes your other profile information, such as your profile picture, status message, and any other personal details you choose to disclose in your profile.
- Undelivered messages – WhatsApp does not store your messages once they are delivered. However, if a message is undelivered, it is held in an encrypted form on WhatsApp’s servers for up to 30 days before being deleted.
- Media files – Photos, videos, and documents sent through WhatsApp may be temporarily stored on the servers to aid in efficient delivery.
- Usage and log information – WhatsApp tracks how you use the app, including interaction patterns, frequency of messages, and the features you use. The same goes for your log information, such as your IP address, device information (e.g., operating system, phone model), and timestamps related to your app usage.
- Transactional information – If you use WhatsApp's payment services, the app collects transaction data, including payment method and transaction details. This information is used to facilitate and track transactions.
- Device and connection information – WhatsApp collects unique device identifiers to manage accounts and maintain the security of the app.
- Connection information – Information about your internet connection type (e.g., Wi-Fi, cellular) and network is collected to improve service quality and connectivity.
- Location information – With your permission, WhatsApp collects and uses precise location information from your device. This data is used to enhance location-based services, such as sharing your live location in chats. Your IP address can also provide approximate location data, which WhatsApp collects to ensure proper service delivery and enhance security.
- Contacts – With your permission, WhatsApp can access your contact list to identify other WhatsApp users and facilitate communication. The app collects the phone numbers of your contacts but does not store their names or other details.
- Cookies – WhatsApp uses cookies to operate its web-based services, remembering your login status and providing customized experiences. Cookies help in enhancing the functionality and usability of the app.
How else can your location data be exposed on WhatsApp?
Apart from your IP address and live location data, other identifiers can also expose your location information on WhatsApp. Using third-party apps to read those identifiers can make this type of information vulnerable to exposure. What's more, someone else could be using a third-party app to grab your location information without your consent.
What do we mean by this?
Researchers have discovered a method to determine the location of WhatsApp users with approximately 75% accuracy using a specific timing attack. The attackers send a message to the target and measure the time it takes to receive a delivery notification. This time correlates with the distance the message travels, making it possible to infer the target’s location based on the delivery delay.
This vulnerability affects all operating systems and devices running WhatsApp, due to the configuration of mobile networks and instant messaging server infrastructure. This results in predictable delivery delays based on the target’s location. By using precise timing measurements with tools like Wireshark, attackers can establish a baseline by messaging the target at known locations and noting the delivery times.
Once attackers have this calibration data, they can locate their target by matching the timing of each new delivery notification with the established baseline. This technique allows attackers to determine the victim’s country, city, or district, regardless of whether the target is connected to WiFi or cellular networks like LTE/5G.
The risks of WhatsApp location information tracking
Although generally considered a secure place for chatting, WhatsApp location data tracking poses significant privacy and security risks, especially since the data is shared with Meta and other third parties. Here's a closer look at the potential dangers:
Privacy invasion
As long as malicious actors can almost accurately determine your location, your privacy is already compromised. They can track your movements, know where you live, work, and what sites (physical and virtual) you frequent, and potentially gather sensitive information about your routines and habits. This invasion of privacy can lead to unwanted surveillance, monitoring, and worse.
Security dangers
Location tracking can escalate into serious security threats. Criminals could use your location data for dangerous activities such as stalking, burglary, or to inflict physical harm. An example of this is burglars knowing when to break in based on the information about when you are away from home. Worse even, knowing your daily routines can make it easier for stalkers to harass or attack you.
Financial data (and money) exploitation
Location information can be exploited for financial gain. Data thieves could sell your location information to third parties, including advertisers and data brokers, without your consent. This data could then be used to create detailed profiles about you, which could be used for targeted advertising, identity theft, or other manipulative practices. Not to mention, identity theft could lead to financial exploitation and various other money-related scams.
Job-related risks
Location tracking can pose significant risks for individuals with sensitive (public) jobs, such as journalists, activists, or government officials. Their movements and interactions could be monitored, leading to potential safety risks or even life-threatening situations.
Relationship risks
In personal relationships, location information abuse can lead to trust issues and conflicts if individuals feel their privacy is being violated. In extreme scenarios, location tracking could lead to abductions or physical attacks.
How to protect your location information on WhatsApp?
Knowing all this can be discomforting, but, luckily, there are steps each of us can take to protect location information on WhatsApp.
Disable live location sharing
For a start, practice disabling your live location sharing whenever the feature is not in use. In WhatsApp settings, you can turn off or limit live location sharing to specific contacts, and for a limited time.
To disable location sharing on WhatsApp:
- Open WhatsApp and go to the chat where you shared your location.
- Tap on the location message.
- Select Stop Sharing or Delete for Everyone if it's a recent share.
Control app permissions
On your phone's settings, manage WhatsApp's permissions to access your location. Set it to While Using the App or Never depending on your preference. Depending on your phone type and model, you might need to toggle the WhatsApp location-sharing button off in the device settings.
To disable location permissions for WhatsApp in your phone’s settings:
- Go to your phone’s settings.
- Navigate to Apps or App Permissions.
- Find WhatsApp and select Location.
- Set the location permission to Deny or Never.
Manage privacy settings
WhatsApp offers privacy settings where you can set up who can see your profile photo, status, and last seen timestamp. Adjust these settings to prevent the exposure of personal information to all your contacts.
Deny third-party integrations
Be cautious with third-party apps or services that request access to your WhatsApp data, including location. Never allow unfamiliar or unexpected app interference.
Regularly update WhatsApp
Keeping your WhatsApp software updated to the latest version will ensure you can benefit from the latest security patches and features, significantly reducing the risk of breaches. The same goes for your device(s)
How to make WhatsApp more secure
Additionally, you can enhance your WhatsApp security by practicing these smart habits:
- Use a VPN – A VPN (Virtual Private Network) masks your IP address by routing your internet traffic through a secure server in a different location. This makes it difficult for anyone to trace you based on your IP address. Using a VPN can protect your location information when using WhatsApp but also enhance your overall online privacy. Renowned VPNs, like ExpressVPN and NordVPN, come with a set of advanced privacy and security features including malware protection and stealth mode.
- Use strong passwords – Setting up strong passwords on your phone, WhatsApp, and similar platforms, and regularly updating them, can significantly reduce chances of unauthorized access and location information breaches.
- Enable two-step verification – Two-factor authentication (2FA) means cybercriminals have to pass at least two different defense levels when trying to steal your (location) data. Setting up two-step verification in WhatsApp, therefore, ensures added security when logging in.
- Disable read receipts – This prevents others from knowing when you’ve read their messages, which can indirectly protect your location.
- Beware of scams – Be cautious of phishing attempts and similar scams that target WhatsApp users. Avoid clicking on suspicious links and don't share personal information unless absolutely necessary.
Final word
While WhatsApp provides robust encryption for messages, some sensitive data, like personal and location information, still get recorded and even shared with other companies. On top of that, researchers have discovered a vulnerability that could expose the location of WhatsApp users with approximately 75% accuracy using a specific timing attack.
Ensuring privacy and security on the app requires proactive steps from users. By understanding WhatsApp's data collection practices, managing privacy settings, and staying updated on security measures, we can protect our information while enjoying the convenience of chatting on the platform.