Privacy of personal information is slowly becoming a myth. We know enough about the data collection policies of a bunch of global companies and various service providers. The truth is we can easily be identified remotely – by both legitimate organizations and illegal parties.
Spyware aside, beloved applications such as WhatsApp have been drawn to privacy disputes. A new research on the application has revealed that personal information such as phone numbers and call duration is being collected and stored on WhatsApp’s server.
It may only seem logical that identifiable information is stored somewhere. However, users should ask themselves if they have agreed on such data collection prior to installing the app. The research also revealed rather intriguing details about its inner functionalities.
The study has been done by three experts – F. Karpisek from the Brno University of Technology, and Ibrahim Baggili and Frank Breitinger of the Cyber Forensics Research & Education Group at the University of New Haven. Their work focuses on the FunXMPP protocol used by the application. The protocol is an aberration of XMPP, or the Extensible Messaging and Presence Protocol – a protocol used by Google for the GTalk service.
That’s how they discovered that for each successful voice call the application first goes through an authentication process, then validates the conversation participants, sets up a communication channel via the Opus codec at 8 or 16 kHz, authorizes the call’s relay servers, along with the two endpoint IP addresses.
In addition to the technicalities mentioned above, Karpisek, Baggili and Breitinger noticed that WhatsApp sent call metadata to its servers.
Transferred data consists of:
- Phone numbers;
- Call duration;
- Audio codec type.
The researchers then went on spreading their discovery. While we’re waiting for WhatsApp’s official saying in the matter, we can only think of horrific plots of what can happen with our call metadata stored on the app’s servers.
WhatsApp’s protocol hasn’t been analyzed in any other way.