WhatsApp says vulnerabilities in smartphone operating systems compromised the privacy of users
End-to-end encryption feature was not broken into, the company said
Facebook said Apple and Google also accountable for the spyware attack
Amid the constantly-evolving Pegasus WhatsApp spying scandal, the world’s most popular messaging app has claimed that its end-to-end encryption was not broken into. Further, in an attempt to clear its name, the social media giant has now thrown the ball in Apple and Google’s court.
Facebook defended itself by saying that WhatsApp is secured with end-to-end encryption and it was the vulnerabilities in smartphone operating systems — Android and iOS developed by Google and Apple — that have compromised the privacy of WhatsApp users in the Pegasus breach.
Since most smartphones run on Google’s Android with Apple’s iOS having the second largest market share, WhatsApp seems to be hinting at larger issues of device security and privacy, beyond just this incident.
Explaining the issue, Facebook said that the Israeli spyware Pegasus was installed through a WhatsApp call routed by NSO over WhatsApp’s server. “The access to a phone was made possible by reverse-engineering Whatsapp and fooling the server to believe that spyware code was Whatsapp traffic. Therefore, technically, the end-to-end encryption feature was not broken,” said Facebook.
Not only has the spying attack called into question the integrity of tech platforms but it has also raised the question of government-backed snooping on private citizens in the name of security. In the aftermath of the news, many have blamed WhatsApp. In the days following the revelations of the spying scandal, WhatsApp’s downloads in India dipped sharply.
Based on data from mobile analytics and intelligence firm, Sensor Tower, Business Standard reported that between October 17 and 25, WhatsApp was installed 8.9 Mn times. However, after the spying attack was reported, the number fell down to 1.8 Mn for the next nine-day period — a whopping 80% decline. Inc42 was unable to independently verify the authenticity of these figures.
Will WhatsApp Weaken Its End-To-End Encryption?
In the context of messaging apps, end-to-end encryption enables users to have secured communication, the contents of which are not visible to the provider and which are not stored on servers. This makes it difficult for hackers and governments to snoop into traffic and communication on the platform.
However, the Indian government has always been an adversary of end-to-end encryption as it wants to bring in the traceability of messages originating from WhatsApp and other apps with encryption. The issue is currently being heard in the Supreme Court. The government says that the traceability will help law enforcement agencies fight terrorism, dissemination of child pornography or the propagation of hate speech.
Raising the same concern, the government has been pushing WhatsApp to grant it access to encrypted messages. However, the social media company seems to be in no mood to give up on its end-to-end encryption, claiming that traceability would hamper user privacy.