Security
Headlines
HeadlinesLatestCVEs

Headline

WhatsApp 2023: New Privacy Features, Settings, and More

The Meta-owned app offers end-to-end encryption of texts, images, and more by default—but its settings aren’t as private as they could be.

Wired
#web#android#mac#apple#google#git#auth#sap

In the summer of 2016, WhatsApp made an unprecedented change. The Meta-owned company turned on end-to-end encryption by default for all of the billion-plus people using it—becoming, in the process, the world’s largest encrypted messenger. Since then, that number has topped 2 billion.

Being end-to-end encrypted by default means nobody at Meta can read, or mine data from, the content of the messages you send. All texts, photos, videos, voice messages, documents, status updates, and calls are encrypted on WhatsApp, and only the people you send them to can access them. Devices decoding encrypted content must verify and exchange security codes as messages are transferred.

The encryption that WhatsApp uses was originally developed by Open Whisper Systems, the group behind the encrypted messaging app rival Signal. In recent years, WhatsApp has introduced additional privacy and security features you can turn on. But even though WhatsApp’s end-to-end encryption does protect your communications, that doesn’t mean the service is as private as it could be by default. In fact, when it comes to WhatsApp versus Signal, we recommend the latter for people wanting the maximum security and privacy options.

However, with more than a third of the world using WhatsApp, its popularity is unrivaled, and you may not be able to drag all of your friends, family, and groups across to Signal. If that milestone is still some way off, here are some tips to make WhatsApp as private as possible.

Updated May 2023: WhatsApp has introduced new privacy features since this story was first published in 2020. These changes are reflected below.

Understand What Data WhatsApp Collects

WhatsApp can collect a lot more information about you than you might think. Much of what it collects is similar to many other apps and can be found in its privacy policies. There are separate privacy policies for the US, Europe, and the UK. There are some differences in what WhatsApp collects, based on Europe’s privacy rules. But the app is also part of Meta’s machine, which also includes Facebook and Instagram, and some information is shared with the parent company. The association alone can put people off using WhatsApp.

The data WhatsApp has about you can come from multiple different sources: the information you provide (such as your phone number to sign up, or your location when you give it permission to share it with a friend), information that is collected automatically (for instance, when you’re online, or when you made a phone call), and information that others share about you (if a friend uploads your phone number, for example).

Automatically collected, WhatsApp says, is information about how you use its services, how often and for how long you are on WhatsApp, and the features you use—including “group name, group picture, group description,” your profile photo, “about information,” and when you were last online. (Some of this information is used for safety features.) On top of that, WhatsApp may also collect information about your phone’s battery level, signal strength, and mobile operator.

In the US, WhatsApp shares your phone number, phone information, IP address, and more with Meta’s other companies, although it says it does not “keep logs of who everyone’s messaging or calling” and doesn’t share contacts with Meta. In Europe, WhatsApp details how it works with Meta’s other companies and the information that is shared more explicitly. However, it’s worth stressing that the content of the messages you send isn’t shared, as Meta doesn’t have access to them due to WhatsApp’s end-to-end encryption.

Location information, when you turn it on, is also collected, and there are cookies that track your activity within the desktop and web versions of the app.

Use Encrypted-to-End Encrypted Backups

WhatsApp allows you to back up your chats and data as a way to move all your information to a new phone. These backups work by storing your data in Google Drive or Apple’s iCloud, depending on which operating system you use. Backups can be handy if you’re moving to a new phone or lose your old device.

If you’re going to use WhatsApp’s backups, you should use the version that is end-to-end encrypted. The company introduced these in 2021 after years of the option being unavailable. In WhatsApp, go to Settings, Chats, Chat Backup, and then once you have turned backups on, tap on End-to-end Encrypted Backup and toggle the option on. This backup requires a separate password, which you should ideally create and store in a password manager. If you lose this password, you won’t be able to get into your encrypted backup.

Turn On Two-Factor Authentication

You should be using two-factor authentication as much as possible—it’s even more important on accounts that hold your sensitive personal information, such as photos and messages. The security method involves adding an extra step to the process when you log in to an account. In most cases, this involves using a security code generated by an app, a code sent via SMS, or a physical security key. (The last of these is the most secure way to protect your accounts with two-factor authentication—and SMS is arguably the least secure of the three options.)

Using WhatsApp is different from logging in to your email. It’s likely that you’ll access the app multiple times a day—on average, I open the app between 50 and 80 times per day. Entering a security code every time this happens would be impractical and frustrating. So instead, WhatsApp’s two-factor authentication, which can be turned on through the Settings menu and then by tapping on Account, uses a PIN.

WhatsApp will semi-regularly ask you to reenter the six-digit PIN you create to access the app. It doesn’t say how often these prompts happen, but they’re irregular enough not to be a barrier to using the app. The PIN will also be required anytime there is an attempt to add your number to a new phone or device. When you’re setting the PIN, there’s also the option to add an email address that can be used to reset the code if you forget it.

Use Disappearing Messages

Your messages don’t have to live forever. It’s possible to turn on disappearing messages for when you want additional privacy or just don’t need to keep what you’re sent for years. There are two ways within WhatsApp to use self-destructing messages: for every new chat you have, or on an individual conversation basis.

To run on disappearing messages by default for new conversations, go to Settings, Privacy, Default Message Timer, and pick how long you want messages to last for. There are three options if you turn the setting on: 24 hours, 7 days, or 90 days. For an existing individual conversation or group chat, open that chat, tap the person’s name at the top of the screen, select Disappearing Messages, and then pick 24 hours, 7 days, 90 days, or Off. You may then have to tap to confirm this.

While turning on disappearing messages will give you some more privacy, it’s worth remembering that whoever you message could still screenshot or take a photograph of what’s on the screen.

In addition to disappearing messages, you can also set photos and views to View Once. This—rather unsurprisingly—behaves exactly how it is described: The message can only opened one time and you can’t go back to it once it’s closed. When sending a photo or video, tap the icon that is contained within a partial circle. If you send a one-time image or video, people cannot screenshot it.

Lock Down WhatsApp Messages

There are inevitably times when you need to hand your phone to someone else—so your children can play games, for instance, or to show a friend a photo. WhatsApp has two features that can help protect your message if your phone falls into someone else’s hands. First, you can turn on Screen Lock, which keeps the app locked unless you open it with Apple’s Face ID or other biometrics on Android devices. To turn it on, go to Settings, Privacy, and select Screen Lock. You’ll need to set up the biometric options before you turn the app lock on.

You can also lock down individual chats on your phone. This means that to send messages to locked chats, you’ll need to use your phone’s passcode, or your face or fingerprint to open up the chats and even see notifications from them. To turn it on, tap on a chat and the person’s name, go to Chat lock, and select the option to lock the chat. This will move the chat into a new folder that can be accessed by swiping down on the Chats tab.

If you’re going for the most private approach, it’s also worth considering that any message that pops up could reveal private information. New message notifications can include the entire message or just some of its content when they flash up on your screen. If these notifications also sit unread, anyone picking up your device may be able to read them without having to unlock the phone. These options can be tweaked in Settings, Notifications, and Show Preview.

Stop People From Seeing Your Personal Info

While WhatsApp’s end-to-end encryption stops law enforcement, internet providers, and even Meta from seeing what you are sending, there are still some additional steps you can take to increase your privacy on your phone and reduce the chances of your number being targeted by spammers or scammers. Because WhatsApp is so popular, it’s regularly the target of social engineering attacks, devised to steal your personal information.

The ways to limit the ways people can interact with your account are all found through Settings, followed by tapping on Privacy. At the most simple, you can tap to turn off read receipts, the two blue ticks that show when someone has seen your message.

More effective are the steps that stop people from adding you to groups. Under the Groups setting, there is the option to limit who can add you to a group. By default, this is set as “everyone.” However, it can be changed to My Contacts, or My Contacts Except…, allowing some exceptions. Deciding to limit who can add you to groups doesn’t mean that you can’t join groups when people aren’t in your contacts. Instead, people wanting to add you to groups can request to do so via a separate message.

Within Privacy, you can also turn off who can see when you last looked at WhatsApp and when you were last online, who can see your profile photo, the About section, and WhatsApp Status. While in the privacy settings, you should also check whether you are sharing your live location with anyone.

Switch to Signal

If you’re looking for more privacy, switching messaging apps is a big upheaval but could be worth the time and effort. As mentioned earlier, our preference for combining end-to-end encryption with greater levels of privacy is Signal. A full rundown of its privacy options is here.

Wired: Latest News

The Worst Hacks of 2024