Privacy risk: WhatsApp for Windows Phone tags your geolocation metadata to saved photos

News
By Daniel Rubino
published

Privacy in smartphones is always a big deal amongst consumers, so it’s a little odd to see the super popular WhatsApp messaging client have a platform-specific privacy breach regarding geo-location metadata.

The situation is a little convoluted so stick with us when trying to explain.  Photos that are received (not sent) from WhatsApp are automatically tagged with your current location, regardless of your privacy Settings (Applications > Photos + Camera). That means if you were to then pass that photo on to someone else or upload to SkyDrive, your location info will be preserved.

As an example, say Rich Edmonds sends me a photo of his house in the UK. When I save that photo to my gallery in the US (New York), my current location is tagged to that photo. If I were then to email it someone or share it publicly via SkyDrive, you would all see my current location.

Geolocation metadata

GPS info tagged by WhatsApp to a saved image from a user in the UK

Oddly enough, this behavior seems to be restricted to just the Windows Phone version of WhatsApp, as opposed to iOS and Android.  We also tried it on Kik and were unable to replicate the result (indeed Kik strips metadata automatically, so nothing is revealed or added).

The good news is the app is not tagging your photos with your location that you are sending to people, which would be a lot worse. In our case, we rarely download photos from friends and then pass them on to others (and if we sent it to another Windows Phone, it would ironically be over-written by that user’s location data).

Still, it’s discomforting to have your specific GPS coordinates stored unknowingly in your photo gallery. It also raises the question as to why WhatsApp is constantly accessing your geo-location information. Often, ads are targeted based on our current locale so having your info picked up in an app is the norm. But WhatsApp has no ads, which means this must be a side-effect of the optional “share your location” feature (powered by Foursquare). Clearly WhatsApp is constantly accessing your phone’s location for quick revelation when called upon by the user. The problem here is that the app is wrongfully using that info all the time to tag your saved images.

We’ll of course reach out to WhatsApp and Nokia (who are helping them with development) to see if this can be resolved. For now, you’ll want to think twice about passing on photos received from friends or until WhatsApp easily patches this bug.

Thanks, Amir, for the heads up

Daniel Rubino
Daniel Rubino
Editor-in-chief

Daniel Rubino is the Editor-in-chief of Windows Central. He is also the head reviewer, podcast co-host, and analyst. He has been covering Microsoft since 2007, when this site was called WMExperts (and later Windows Phone Central). His interests include Windows, laptops, next-gen computing, and watches. He has been reviewing laptops since 2015 and is particularly fond of 2-in-1 convertibles, ARM processors, new form factors, and thin-and-light PCs. Before all this tech stuff, he worked on a Ph.D. in linguistics, watched people sleep (for medical purposes!), and ran the projectors at movie theaters because it was fun.