On June 5,2020 a researcher found that phone numbers tied to WhatsApp accounts are indexed publicly on Google Search creating what he claims is a “privacy issue” for users.
WhatsApp feature called “Click to Chat” puts users’ mobile phone numbers at risk — by allowing Google Search to index them for anyone to find
The problem, Jayaram said, is that those mobile numbers can also turn up in Google Search results, because search engines index Click to Chat metadata. The phone numbers are revealed as part of a URL string (https://wa.me/<phone_number>) and so, this in effect “leaks” the mobile phone numbers of WhatsApp users in plaintext, according to the researcher’s view.
But Jayaram isn’t the first person to report that WhatsApp phone numbers were visible in Google search results. WaBetaInfo, a website that tracks changes in WhatsApp, reported this behaviour in February this year.
After discovering the issue on May 23, Jayaram said he contacted WhatsApp owner Facebook regarding the issue via its bug-bounty program. However, Facebook responded to him saying that data abuse is only covered for Facebook platforms, and not for WhatsApp. A WhatsApp spokesperson on the other hand told Threatpost that WhatsApp is a part of the data-abuse bounty program.
“While we appreciate this researcher’s report and value the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public. All WhatsApp users, including businesses, can block unwanted messages with the tap of a button,” he said
0 Comments