A joint investigation by Canadian and Dutch officials has determined that popular mobile messaging program WhatsApp violates privacy laws of both countries. The problem is that the application, which lets users text each other over the internet in order to circumvent carrier texting charges, requires users to grant it access to their entire address book and not just the contacts who use it.
Jacob Kohnstamm, chairman of the Dutch Data Protection Authority, said in a statement:
"The address book contains phone numbers of both users and non-users. This lack of choice contravenes (Dutch and Canadian) privacy law."
The iOS 6 version of WhatsApp lets users add contacts manually, avoiding such privacy issues. However, versions for Windows Phone, Android and Blackberry still require access to all contacts. WhatsApp, Inc., makers of the program, have reportedly committed to resolving the issue, but have not yet provided a timeline for doing so.
Last January, Canada's Office of the Privacy Commissioner conducted an investigation based on "reasonable grounds" that WhatsApp "collecting, using, disclosing and retaining personal information" in such a way that it was in violation of Canadian privacy law. Dutch officials joined in shortly after.
The report says that the investigation turned up other privacy concerns, which were quickly resolved by WhatsApp, Inc.
- Messages between users were unencrypted at the start of the investigation, "leaving them prone to eavesdropping or interception, especially when sent through unprotected Wi-Fi networks." In response to the investigation, WhatsApp introduced encryption in September 2012.
- WhatsApp generated passwords for message exchanges using information about the mobile devices involved that "can be relatively easily exposed," creating the risk that a third-party could send and receive messages on a user's behalf without them knowing. Password security was upgraded in the newest version of the app.
In a deserved pat on their own back, officials said that their cooperative effort "has led to WhatsApp making and committing to make further changes in order to better protect users’ personal information.” This is a win-win situation for consumers who want to keep their information private and for WhatsApp, who has demonstrated that they are willing to do the right thing to protect their customers.
We will keep you posted if we hear any updates.
Source: CBC
