Researchers discover new bug in WhatsApp caused by the web client not syncing well with the mobile app.
A new security flaw has been discovered in WhatsApp that allows strangers to see users' profile photos, even when they are set to be viewable by friends only, according to security researchers.
The security bug was discovered by 17-year-old security researcher Indrajeet Bhuyan, and is a result of the phone app not being properly synced with the new web interface that WhatsApp launched recently. The bug allows people to see the profile photos of strangers, even after those users have restricted their photos to friends only in the privacy settings. The web app also allows users to see photos that they have deleted, while on the phone app those photos are blurred out. Bhuyan had earlier found bugs in WhatsApp that caused the app to crash on Android phones when a small message was sent to users.
Facebook-owned WhatsApp has been ensuring that users' privacy and security remain a priority for the company. The popular messaging app recently introduced end-to-end encryption for its 700 million users. The company also introduced the web client in January this year. Many users were excited to respond to messages from their PC, but the web client also received backlash for its limited compatibility and functions.
Security expert Graham Cluley stated in a blog post, "Sure, it's not the most serious privacy breach that has ever occurred, but that's missing the point. The fact of the matter is that WhatsApp users chose to keep their profile photos private, and their expectation is that WhatsApp will honor their choices and only allow their photos to be viewable by those who the user has approved."