Wales

WhatsApp and Other Closed Messaging Apps

WhatsApp and other closed messaging apps such as Wickr, Signal and Telegram are hugely popular not only as private chat spaces but also as social media platforms and applications in their own right. Their use increased dramatically with the need to maintain contact and share topical content during the COVID-19 pandemic.

As the term ‘closed messaging apps’ suggests, they differ from platforms and apps such as Twitter and Facebook in that they are completely ‘closed’ between message sender and recipient, unlike traditional social media where everything is visible to those who have permission to view the account.

The reason that messages, content and images can be shared with so many users is that many people either routinely or selectively pass on what they receive to their own, often multiple contacts. Also, they generally feature the ability for groups, all members of whom will see a message to that group.

This makes them very effective for sharing far and wide, but also demands that you don’t inadvertently send or share content to the wrong recipients, which could lead to your own or others’ embarrassment or upset or even affect your current or future relationships or career prospects. If you’re sharing confidential details, it could lead to financial risk, or your family’s safety.

Some risks of using WhatsApp and other closed messaging applications

  • Being compromised via the app, in the following different ways:
  • Financial fraud: receiving a message from someone on a number you don’t recognise claiming to be a family member or friend, informing you they have changed their phone number. Having convinced you that this is authentic, they then request money to solve ‘a problem which needs payment’, never to be heard of again. This is known as the ‘Friend in Need’ or ‘Mum and Dad’ scam.
  • Data theft: receiving a text message purporting to come from WhatsApp, containing a login code, which is a two-factor authentication (2FA) code proving you are in possession of the phone number. You then receive a WhatsApp message purporting to be from a family member or friend along the lines of “I accidentally sent you my WhatsApp login code but have now deleted it, could you send it back to me please?” They can then log into your account as you, exclude you from accessing it and create havoc impersonating you. They can also use the same scam to hack everyone in your contact list.
  • Identity/data theft: receiving a message allegedly originating from a retailer or other organisation, which is an advertisement for an attractive offer, giveaway or other incentive. The message includes a link that takes you to a set of questions, encouraging you to supply personal data. You are then also encouraged to share the link with your contacts for a chance to take advantage of the same offer.
  • Your data being shared with other organisations. For example, in 2020 WhatsApp, which is owned by Facebook’s parent company Meta, updated its terms to allow data sharing between the two, in certain countries but not the UK.
  • Messages and calls being intercepted if encryption is not used.
  • Some closed messaging apps, including WhatsApp, collect metadata information about you, such as who you message (gained from your contacts list), when and for how long, as well as your device, phone number and IP address.

Safe use of WhatsApp and other messaging apps

  • If you get a message requesting money, check it isn’t a scam by calling the person it claims to come from on the original number you know to be correct.
  • Never reveal security codes for any accounts to anybody, however genuine the message seems.
  • If you receive a message asking for your WhatsApp or other messaging app verification code, ignore and delete it. If you find out that your account has been compromised, try to log in and remove the illicit user. Warn the contact whom the message claimed to come from, that they have been hacked.
  • WhatsApp features end-to-end encryption – which means your private messages and calls are scrambled – by default to maintain your privacy. However, with some other closed messaging apps you need to manually select encryption.
  • If you are concerned about your usage metadata being collected, set up a VPN (virtual private network) on your device to prevent this.
  • We recommend you specify the optional two-factor authentication feature, requiring a PIN to verify your phone number on any device. Find out how here.
  • Note that messages are not stored on WhatsApp servers after being delivered to the recipient. If undelivered, messages are automatically deleted from the server after 30 days.

 

In partnership with

Jargon Buster

A Glossary of terms used in this article:

Encrypted

The process of converting data into cipher text (a type of code) to prevent it from being understood by an unauthorised party.

IP address

Internet Protocol address: a unique address that is used to identify a computer or mobile device on the internet.

PIN

Personal Identification Number.

Virtual Private Network

Virtual Private Network: a method of creating a secure connection between two points over the internet. Normally used only for business-to-business communications.