Data protection: WhatsApp

Chat with risks

WhatsApp is one of the most unsecure online networks as it completely lacks of any data protection measures.

In the last two to three years, teenagers changed from Facebook to WhatsApp. It became the top application for interaction and chatting with friends. Soon also adults began to use the messenger. By now, there are about 700 mio. users worldwide who share 30 mio. messages, 7000 mio. photos and 100 mio. videos every day.

In Austria, the number of users is estimated to be one million. WhatsApp seems to replace SMS and MMS and it sounds to be a good and even free service. However, there is one big problem: Data protection is rather bad - even more so than with other similar services.

Access to contacts, location, camera...

It begins with the registration. If you want to download the app to your smartphone, you have to make several dubious concessions as the messenger requests access to app purchases, app history, identity of the mobile phone owner, contacts, location, SMS, photos, media and other data, camera and microphon, WLAN connection information and device ID as well as call-info.

The service requests the user's approval for access to all sorts of things and can collect data on its servers right after installation. This is worrying in general, but especially regarding contacts as it catches hold of information about persons who have no direct connection to the application and never agreed to anything concerning it.

Only after the approval the user is forwarded to the welcoming page where he has to sign the terms and conditions in order to be able to use the service. Only a small minority of all users clicks on the link to the terms and conditions, let alone reads through all twelve pages of the text.

The terms and conditions are only provided in English. In Germany this has been declared unlawful, but the company has not yet reacted and didn't publish a German version. According to Austrian law, the case is similar. As soon as an application provides its services in German, it has to translate its terms and conditions.

Nevertheless, the list of clauses is very telling: WhatsApp...

  • can change its terms and conditions at any time and it is the responsibility of the user to be up-to-date.
  • is not allowed for persons under the age of 16. But: WhatsApp never asks.
  • obtains the rights on data and content of users.
  • does not guarantee that content is treated as confidential and transferred safely.
  • reserves the right to share user data with third parties whenever necessary for the use, maintenance or improvement of the service.

No one really knows what the company does with all collected user data and how long it keeps them. WhatsApp states that data is only saved until it is received by the recipient, for a maximum of 30 days. However, so far no one was able to prove whether this statement is true or not. 

Connection to Facebook

The social media giant Facebook took over WhatsApp and therefore secured its position as a market leader in the field of online networks. Back then, the managers of both companies promised that customer data would not be merged.

The aim would be to exchange opinions and strategies, also on possibilities to gain money, a Facebook manager said some time ago. This statement makes it even harder to believe that the data will stay seperated, as connected data holds much more potential to gain revenue.

Easy to enter

In the terms and conditions, WhatsApp also withdraws from all responsibility for the case that unauthorized persons gain access to data. This scenario is not unrealistic, as software developers have shown on several occasions in the past.

The Dutchman Maikel Zweerink developed the relatively simple-to-use service WhatsSpy Public with which online status, profile pictures, status and data protection settings of every WhatsApp user can be monitored.

Researchers of the German university Ulm developed a software to examine the online status of every user without his knowledge and without the need of a hacking - even if the user deactivated the so-called time stamp ("last online"). With this data, the experts were able to get a significant insight into the daily routine of users.

Delete WhatsApp?

The decision to delete WhatsApp for many users is not as easy as it may sound. Besides technical obstacles (find an instruction on how to delete it here:, it is a very popular and common messenger. This means that deleting it would probably lead to exclusion from communication with friends or relatives.

Even though alternative services do exist and have gained popularity since Facebook took over WhatsApp, users would still have to convince their friends to also switch to another app. The service Line, for example, gains money just by selling stickers. Who mainly uses WhatsApp for group chats may find the app GroupMe as an attractive alternative.

Or KakaoChat: The services works with encrypted communication and has an ISO certificate for data protection. Other popular apps are Viber, Threema and MyEnigma as they also have completely encrypted communication.

Adjust settings

Who decides to stay with WhatsApp should at least check the data protection settings, even though such steps are only a small remedy. Two grey hooks symbolise that a message was send and received by the recipient. If the color changes to blue, the message was read by the recipient.

Under "settings" -> "account" -> "data protection", the reading confirmation can be disabled, so that the chat partner can't see whether or not the user read the message and vice versa.

The "last online" status can also be disabled under "data protection", so other users can't see when you used WhatsApp. The current online status can't be hidden. Regarding the profile picture and status, the user can choose whether everyone, only his contacts or even nobody can see them. It is not recommended to choose "everybody".  

Copyright of the German version: 2015 Verein für Konsumenteninformation (VKI)

Translated by European Consumer Centre Austria (ECC)

Links zum Thema

Verein für Konsumenteninformation (VKI) WhatsApp (DE)

Share this post


Please give us permission to use your data for internal analysis. We do not pass on your data. Please also read our data protection declaration.