Follow Us:
Sunday, July 22, 2018

WhatsApp flaw can track when user is online, monitor activity on app

WhatsApp's 'online' status feature can used to monitor exactly when a user is online, according to a blog post written by a software engineer Robert Theaton.

By: Tech Desk | New Delhi | Updated: October 11, 2017 9:05:50 am
WhatsApp, WhatsApp flaw, WhatsApp online tracking, WhatsApp online status, WhatsApp account monitoring, WhatsApp status tracking, WhatsApp online status tracking WhatsApp online status can be used to track, monitor when a user is on the app, and their sleeping patterns.

WhatsApp’s ‘online’ status feature can used to monitor exactly when a user is online, according to a blog post written by a software engineer Robert Theaton. While the contents of the messages can’t be read given that WhatsApp is end-to-end encrypted, the ‘online status’ feature is a flaw, which can be used to keep a track of user’s activity timings on the app.

In fact in his blog, Theaton has described just how easy it was do this, while relying on a laptop, Chrome extension and using WhatsApp web. Theaton though was relying on the ‘last seen’ option, which has privacy settings and gives users the option of blocking strangers. However, as the post points out, the default setting in the ‘last seen’ is often everyone and not many people bother changing this.

According to the blog, he wrote just four lines of Javascript code to start tracking the last seen settings for a user and create a pattern. At the end of the blog, he has also pointed out that while last seen can be restricted, the option of hiding ‘online’ status is not available to the user. Thus monitoring a user is made possible by tracking ‘online.’

How it works is simple. If someone has your mobile number saved in their contacts and this number is connected to your WhatsApp account, then this user will be able to see if you are online on the app. You, the user who is being monitored don’t necessarily need to have the stranger’s number saved on your phone or as part of your WhatsApp contacts.

Theaton’s method has proved that even those not on your contacts list could track when you come online, and thus use the app to keep a create a table of timings around your online activity for WhatsApp.  In our own case, we could also see when a user was online, even though the WhatsApp account number we used was not on this particular person’s contact list. The user’s privacy settings for Last Seen were limited to his contacts, but the ‘online’ status was still visible.

As the post shows, it can also be used to track if two users are online at the same time, like say online late in the night. While this requires more code, tracking when two people are online is possible via WhatsApp. Again, this is not to say the person doing the tracking will be able to read the WhatsApp messages shared, but it is possible to build a usage pattern. WhatsApp has not yet commented on this post or issued a statement around this. Facebook Messenger’s online status also suffers from a similar problem.

For all the latest Technology News, download Indian Express App