nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
WhatsApp laid bare: Info-sucking app's innards probed

Big Brother

Collects whats?

Hold on, all this data and metadata it's collecting... Is it related to the app itself (it's own call making and messaging abilities etc.) or ALL types of calls (and other activities) made from the mobile?

19
0

Re: Collects whats?

I was wondering that, from the article it seems like it's only collecting what it needs to function, but given that there's an actual article on it in the first place that can't be the right interpretation surely

4
0
Silver badge

Re: Collects whats?

You can read the paper itself here, and from my quick read it does indeed look like the metadata all related to calls made by the Whatsapp program, which is a very different thing to slurping data about phone calls.

6
0
Bronze badge

Re: Collects whats?

In which case, what's the exact thrust of the article? That it's NOT, in fact, a spyware application?

0
0
Anonymous Coward

Re: Collects whats?

> You can read the paper itself here

Thanks for the link. I don't understand why it wasn't provided in the article itself.

1
0
Silver badge
Paris Hilton

Re: Collects whats?

Elsevier has a journal called "Digital Investigation"? An upmarket Phrack?

Still, good work at analyzing the innards of the protocol, but it's about as "info-sucking" as SS7. Or not. It depends what is going over the protocol once it has been set up.

But clearly the goal is to help the gumshoes:

From its wide adoption, it is obvious how WhastApp communication exchanges may be used during an nvestigation, making the artifacts it produces of compelling forensic relevance. Therefore, we see a strong necessity for both researchers and practitioners to gain a comprehensive understanding of the networking protocol used in WhatsApp, as well as the type of forensically relevant data it contains. Most importantly, due to the newly introduced calling feature, it becomes essential to understand the signaling messages used in the establishment of calls between the WhatsApp clients and servers. The methods and tools used in this research could be relevant to investigations where proving that a call was made at a certain date and time is necessary.

0
0

Re: Collects whats?

Indeed, so 'application for making phone calls, uses relevant phone numbers' would be more accurate, but less clickworthy.

1
0
Silver badge
Stop

Decryption

How did the researches work all this out. Did they break WhatsApp encryption, does WhatsApp not encrypt traffic on the wire?

1
0

Re: Decryption

Whatsapp has to decrypt what it's sent at some point so it can actually show it to you, the user. So, if you have root on your phone, it's going to be possible to figure out how Whatsapp does it.

4
0
Silver badge

Re: Decryption

That's what I thought, easpecially as it needed network traffic data as well.

2
0
WTF?

What's the point?

The article says:

This data included WhatsApp phone numbers, WhatsApp phone call establishment metadata and date-time stamps, as well as WhatsApp phone call duration metadata and associated date-time stamps. They also were able to acquire WhatsApp's phone call voice codec (Opus) and WhatsApp's relay server IP addresses used during the calls.

So, this "collecting" phone numbers, call duration and other stuff is clearly what WhatsApp needs to make the call.

Don't know exactly what the article is about. Somebody has looked into WhatsApp traffic and fails to find someone with their hand in the cookie jar?

24
0
Silver badge
Big Brother

Collects stuff

I thought everyone knew this was pointless spyware.

5
13

From my reading of the paper

the story isn't that WhatsApp is doing a nefarious data slurp, but that it's possible to decrypt its network traffic and extract forensically relevant metadata from it.

(http://www.fit.vutbr.cz/research/pubs/index.php?file=%2Fpub%2F10979%2FWhatsApp.pdf&id=10979)

12
0
Silver badge

Re: From my reading of the paper

No, that's a paper. No argument there. Now where's the story?

0
1

This post has been deleted by its author

This post has been deleted by its author

Anonymous Coward

Aside, Whatsapp voice call quality...

Is unbelievably good over wifi, for those who haven't tried it yet.

2
1

This post has been deleted by its author

Re: Aside, Whatsapp voice call quality...

Sure, but who are you going to call with it?

2
1
Silver badge

Re: Aside, Whatsapp voice call quality...

Ghostbusters!

14
0
Silver badge

Re: Aside, Whatsapp voice call quality...

Young people! Don't waste money on expensive smart phones running whatsapp. Simply stand next to those with whom you wish to communicate and experience crystal clear reception.

12
0

This post has been deleted by its author

Anonymous Coward

I guess that's why smart people use secure messaging services (Threema, Wickr, etc.).

1
2
Boffin

Decryption

WhatsApp does not encrypt images, so it's easy to find them on your phone, if you need to. The text messages are saved as encrypted .db files using the .crypt8 extension. If you would like to read your backup of files you may follow these instructions:

http://www.digitalinternals.com/security/decrypt-whatsapp-crypt8-database-messages/419/

0
0

This post has been deleted by its author

Anonymous Coward

Bespoke

I have bespoke created a bespoke tool to bespoke the inter net. Now bespoke to the rest of the bespoke world I would bespoke like to release bespoke it under the bespoke GPL.

I have bespoken my bespoke piece.

2
2
Anonymous Coward

Re: Bespoke

Now listen here, dawg...

1
0

So this is on Android only???

0
0

Bottom line: this paper says WhatsApp does what it needs to do. I switched to WhatsApp and Line when a WeChat update (WeChat is used by all my Chinese friends and colleagues) required access to heart data from my wearable. At least it asked permission. I said no.

0
0

WhatsApp asks for permission to see *everything* when you install it

Which is why I declined at that point. Creepy, but quite upfront about it.

It is a Facebook company after all, so creepiness is part of the business model.

One day they will threaten to release all your data if you don't pay regular 'subscription' fees - you have been warned...

2
0
Anonymous Coward

> I switched to WhatsApp and Line when a WeChat update [...] required access to heart data from my wearable.

Well, it makes sense that you would want to terminate the call if one of the participants ceases to be responsive.

2
0
Silver badge
Terminator

heart data

It's to check that you are not an cyborg; hunting people down via WeChat.

0
0
Silver badge
Paris Hilton

> required access to heart data from my wearable

I actually had to read it thrice until I got that "heart" is not a verb here.

0
0
Black Helicopters

Re: One day they will threaten to release all your data if you don't pay regular 'subscription' fees

No. They won't. The freely given data is far too valuable to threaten slowing down the data warehousing. After all, they are in competition with Google, the arch data-theft criminal, to utilise and monetise behavioural AI.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing