Home > Cyber News > WhatsApp FunXMPP Protocol Analyzed, PII Stored on Servers

WhatsApp FunXMPP Protocol Analyzed, PII Stored on Servers

whatsappPrivacy of personal information is slowly becoming a myth. We know enough about the data collection policies of a bunch of global companies and various service providers. The truth is we can easily be identified remotely – by both legitimate organizations and illegal parties.

Spyware aside, beloved applications such as WhatsApp have been drawn to privacy disputes. A new research on the application has revealed that personal information such as phone numbers and call duration is being collected and stored on WhatsApp’s server.

It may only seem logical that identifiable information is stored somewhere. However, users should ask themselves if they have agreed on such data collection prior to installing the app. The research also revealed rather intriguing details about its inner functionalities.

The study has been done by three experts – F. Karpisek from the Brno University of Technology, and Ibrahim Baggili and Frank Breitinger of the Cyber Forensics Research & Education Group at the University of New Haven. Their work focuses on the FunXMPP protocol used by the application. The protocol is an aberration of XMPP, or the Extensible Messaging and Presence Protocol – a protocol used by Google for the GTalk service.

That’s how they discovered that for each successful voice call the application first goes through an authentication process, then validates the conversation participants, sets up a communication channel via the Opus codec at 8 or 16 kHz, authorizes the call’s relay servers, along with the two endpoint IP addresses.

In addition to the technicalities mentioned above, Karpisek, Baggili and Breitinger noticed that WhatsApp sent call metadata to its servers.

Transferred data consists of:

  • Phone numbers;
  • Timestamps;
  • Call duration;
  • Audio codec type.

The researchers then went on spreading their discovery. While we’re waiting for WhatsApp’s official saying in the matter, we can only think of horrific plots of what can happen with our call metadata stored on the app’s servers.

WhatsApp’s protocol hasn’t been analyzed in any other way.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

  1. Frank Dux

    The privacy-conscious suspected it all along (and used Threema or Wickr instead of WhatsApp).

    1. Milena Dimitrova (Post author)

      Good to know there are people who have their eyes on user privacy! Like yourself, Mr. Dux ;)

  2. U Zapp

    Hi Friends, i’m from Brazil

    Want to know about solutions for WhatsApp Hack, can u help me?

    Nice to be in touch,


    1. MilenaDimitroff

      Hi André, perhaps your account has been hacked?

      1. U Zapp

        No, i have developments in WhatsApp Marketing technologys and i want a hacker help to create a more usefull system/software.



Leave a Comment

Your email address will not be published. Required fields are marked *

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share