Home » News » Apps » Phone numbers using WhatsApp Click to Chat feature are popping up as Google Search results

Phone numbers using WhatsApp Click to Chat feature are popping up as Google Search results

By Sameer Mitha | Updated on 09-Jun-2020
Phone numbers using WhatsApp Click to Chat feature are popping up as Google Search results
Sameer Mitha Sameer Mitha
08 Jun 2020 13:25
HIGHLIGHTS

Research has found that phone numbers linked to a WhatsApp account are popping up on google search.

Only those numbers linked to “WhatsApp's Click to Chat” feature are popping up on search.

Only the number appears and no other details such as name are visible.

Update (9th June 2020): Athul Jayaram got in touch with Digit to highlight his tweet which says "Whatsapp deployed a fix for http://wa.me domain and phone numbers are not searchable anymore. I am glad to know my research stands valid. I do not have any official confirmation from Facebook Security Team." In another tweet, he says, "But did @WhatsApp and @fbsecurity forgot about http://api.whatsapp.com? Will the fix be deployed just like you did for http://wa.me?"

Original story below

According to former cyber risk consultant,  Athul Jayaram, WhatsApp numbers of those using “WhatsApp's Click to Chat” feature are popping up on Google search. As first reported by Threatpost, “Click to Chat puts users’ mobile phone numbers at risk — by allowing Google Search to index them for anyone to find”. Let’s understand this in a little detail. 

What is Click to Chat on WhatsApp?

According to the WhatsApp blog, WhatsApp's Click to Chat feature “allows you to begin a chat with someone without having their phone number saved in your phone's address book. As long as you know this person’s phone number and they have an active WhatsApp account, you can create a link that will allow you to start a chat with them. By clicking the link, a chat with the person automatically opens. Click to chat works on both your phone and WhatsApp Web”. It is also possible to create a QR code linking to a WhatsApp number to initiate a chat. This is good for all forms of businesses that want to use the convenience of WhatsApp to chat with their customers without having customers save their numbers. 

So what’s the problem? 

Well, according to the source, “Jayaram said that those mobile numbers can also turn up in Google Search results because search engines index Click to Chat metadata. The phone numbers are revealed as part of a URL string (https://wa.me/<phone_number>) and so, this in effect “leaks” the mobile phone numbers of WhatsApp users in plaintext, according to the researcher’s view. The “wa.me” domain is owned and maintained by WhatsApp, according to WHOIS records”. It must, however, be noted that Google Search only results in the revealed the phone numbers and “not the identities of users that they were connected to.” 

So all the users, that do not use the Click to Chat feature, are safe even if they have chatted with a number using the feature. 

Imagine what you could do with a confirmed WhatsApp number? If the number has a person’s profile photo, it is easier to identify who the number belongs to. More importantly, “The researcher maintains that many Click to Chat users are unaware that their phone numbers are being stored in plaintext, indexed by Google Search and discoverable via a relatively simple search query”. 

Users told Threatpost that they were unaware that their number was googlable and surprisingly they had received very few spam calls. Being able to Google a small business contact number isn't anything new and has been the way a lot of people find contact details of small business. 

In any case, it is one thing for a business to knowingly apply for a feature that lets customers reach them easily and it is entirely another thing to have that number appear through a Google Search. 

In a statement, a WhatsApp Spokesperson told digit, “Our Click to Chat feature, which lets users create a URL with their phone number so that anyone can easily message them, is used widely by small and microbusinesses around the world to connect with their customers. While we appreciate this researcher’s report and value the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public. All WhatsApp users, including businesses, can block unwanted messages with the tap of a button.” 

 

Sameer Mitha

Sameer Mitha

Sameer Mitha lives for gaming and technology is his muse. When he isn’t busy playing with gadgets or video games he delves into the world of fantasy novels. View Full Profile

New Mobiles
Apple IPhone 15Redmi 12 5GRealme 11 Pro+ 5GApple IPhone 15 PlusNothing Phone 2
Top-10s
Best Mobile Phones under 15,000Best Mobile Phones under 20,000Best Mobile Phones Under 10,000Best Mobile PhonesBest 5G Mobile Phones
Terms of Use Privacy Policy About Us Advertise with us Contact Us SiteMap Current / Past Issue Magazine Subscription
9.9 Group

Digit.in is one of the most trusted and popular technology media portals in India. At Digit it is our goal to help Indian technology users decide what tech products they should buy. We do this by testing thousands of products in our two test labs in Noida and Mumbai, to arrive at indepth and unbiased buying advice for millions of Indians.

We are about leadership – the 9.9 kind Building a leading media company out of India. And, grooming new leaders for this promising industry.

logo logo logo logo logo logo
Copyright © 2007-24 9.9 Group Pvt.Ltd.All Rights Reserved.
Digit.in
Logo
Digit.in
Logo